CVE-2024-24787 – Arbitrary code execution during build on Darwin in cmd/go

https://notcve.org/view.php?id=CVE-2024-24787

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. En Darwin, crear un módulo Go que contenga CGO puede desencadenar la ejecución de código arbitrario cuando se usa la versión Apple de ld, debido al uso del indicador -lto_library en una directiva "#cgo LDFLAGS". • https://github.com/LOURC0D3/CVE-2024-24787-PoC http://www.openwall.com/lists/oss-security/2024/05/08/3 https://go.dev/cl/583815 https://go.dev/issue/67119 https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 https://pkg.go.dev/vuln/GO-2024-2825 https://security.netapp.com/advisory/ntap-20240531-0006 •