What is CVE-2023-39323?

CVE-2023-39323 is a high-severity vulnerability affecting the Go programming language (Golang) and certain Fedora Project versions. This issue involves the misuse of line directives, which can bypass restrictions and allow blocked linker and compiler flags to be passed during compilation. As a result, arbitrary code execution may occur when running go build.

Who is impacted by this?

Specifically, those using Golang up to 1.20.9 and from 1.21.0 up to 1.21.2, as well as Fedora versions 37, 38, and 39, are impacted. . Systems running vulnerable versions of Golang and Fedora Project are at risk, making it crucial for users to update their software to mitigate this security concern.

What should I do if I’m affected?

If you're affected by the CVE-2023-39323 vulnerability, it's important to update your software to mitigate the risk. Follow these simple steps:

1. Update your Go installation to the latest version (Go 1.22).

2. For Fedora users, apply the latest security updates for your system.

3. Regularly check for updates and apply them as needed.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-39323 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CVE-2023-39323, which involves the misuse of line directives in the Go programming language, potentially leading to arbitrary code execution.

Learn More

CVE-2023-39323 is a high-severity vulnerability affecting the Go programming language and certain Fedora Project versions, with potential for arbitrary code execution. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

• golang/go Issue #63211

• Fedora 37 Update: golang-1.20.10-3.fc37