CVE-2012-2666

CRITICAL

golang/go <1.0.2 - Code Injection

Title source: llm

Description

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

References (5)

[Third Party Advisory] https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.suse.com/show_bug.cgi?id=765455

[Patch, Third Party Advisory] https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd

[Exploit, Third Party Advisory] https://codereview.appspot.com/5992078

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210902-0009/

Scores

CVSS v3 9.8

EPSS 0.0051

EPSS Percentile 66.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-377

Status published

Products (1)

golang/go 1.0.2

Published Jul 09, 2021

Tracked Since Feb 18, 2026