blob: 1b5421fac2357f47b32b4ad2e0b4f63065d44fca [file] [log] [blame]
id: GO-2022-0220
modules:
- module: std
versions:
- fixed: 1.11.10
- introduced: 1.12.0-0
- fixed: 1.12.2
vulnerable_at: 1.12.1
packages:
- package: runtime
goos:
- windows
- package: syscall
goos:
- windows
symbols:
- LoadDLL
summary: DLL injection on Windows in runtime and syscall
description: |-
Go on Windows misused certain LoadLibrary functionality, leading to DLL
injection.
published: 2022-05-25T18:01:46Z
cves:
- CVE-2019-9634
credits:
- Samuel Cochran
- Jason Donenfeld
references:
- fix: https://go.dev/cl/165798
- fix: https://go.googlesource.com/go/+/9b6e9f0c8c66355c0f0575d808b32f52c8c6d21c
- report: https://go.dev/issue/28978
- web: https://groups.google.com/g/golang-announce/c/z9eTD34GEIs/m/Z_XmhTrVAwAJ
review_status: REVIEWED