Vulnerability details: VCID-3mwj-2fpc-aaaf
Vulnerability ID VCID-3mwj-2fpc-aaaf
Aliases CVE-2023-29402
Summary The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29402.json
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2023-29402
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2023-29402
epss 0.00655 https://api.first.org/data/v1/epss?cve=CVE-2023-29402
epss 0.00719 https://api.first.org/data/v1/epss?cve=CVE-2023-29402
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2023-29402
epss 0.00846 https://api.first.org/data/v1/epss?cve=CVE-2023-29402
epss 0.02489 https://api.first.org/data/v1/epss?cve=CVE-2023-29402
epss 0.07216 https://api.first.org/data/v1/epss?cve=CVE-2023-29402
cvssv3.1 9.8 https://go.dev/cl/501226
ssvc Track https://go.dev/cl/501226
cvssv3.1 9.8 https://go.dev/issue/60167
ssvc Track https://go.dev/issue/60167
cvssv3.1 9.8 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ
ssvc Track https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-29402
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-29402
cvssv3.1 9.8 https://pkg.go.dev/vuln/GO-2023-1839
ssvc Track https://pkg.go.dev/vuln/GO-2023-1839
cvssv3.1 9.8 https://security.gentoo.org/glsa/202311-09
ssvc Track https://security.gentoo.org/glsa/202311-09
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29402.json
https://api.first.org/data/v1/epss?cve=CVE-2023-29402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402
https://go.dev/cl/501226
https://go.dev/issue/60167
https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
https://pkg.go.dev/vuln/GO-2023-1839
https://security.netapp.com/advisory/ntap-20241213-0004/
2217562 https://bugzilla.redhat.com/show_bug.cgi?id=2217562
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402
GLSA-202311-09 https://security.gentoo.org/glsa/202311-09
RHSA-2023:3920 https://access.redhat.com/errata/RHSA-2023:3920
RHSA-2023:3922 https://access.redhat.com/errata/RHSA-2023:3922
RHSA-2023:3923 https://access.redhat.com/errata/RHSA-2023:3923
RHSA-2024:4119 https://access.redhat.com/errata/RHSA-2024:4119
USN-7061-1 https://usn.ubuntu.com/7061-1/
USN-7109-1 https://usn.ubuntu.com/7109-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29402.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://go.dev/cl/501226
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-06T21:13:13Z/ Found at https://go.dev/cl/501226
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://go.dev/issue/60167
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-06T21:13:13Z/ Found at https://go.dev/issue/60167
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-06T21:13:13Z/ Found at https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-06T21:13:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-06T21:13:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-29402
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://pkg.go.dev/vuln/GO-2023-1839
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-06T21:13:13Z/ Found at https://pkg.go.dev/vuln/GO-2023-1839
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202311-09
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-06T21:13:13Z/ Found at https://security.gentoo.org/glsa/202311-09
Exploit Prediction Scoring System (EPSS)
Percentile 0.27219
EPSS Score 0.00091
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.