CVE-2024-24787

MEDIUM

Go cmd/go 1.21.10 and 1.22.0-1.22.3 - Code Execution via CGO LDFLAGS

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-24787. PoCs published by LOURC0D3.

AI-analyzed exploit summary This PoC demonstrates CVE-2024-24787, where a Go module with CGO can trigger arbitrary code execution on Darwin systems by exploiting the -lto_library flag in a #cgo LDFLAGS directive. The malicious.dylib is loaded during the build process, leading to RCE.

Description

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

Exploits (1)

nomisec WORKING POC 5 stars
by LOURC0D3 · poc
https://github.com/LOURC0D3/CVE-2024-24787-PoC

This PoC demonstrates CVE-2024-24787, where a Go module with CGO can trigger arbitrary code execution on Darwin systems by exploiting the -lto_library flag in a #cgo LDFLAGS directive. The malicious.dylib is loaded during the build process, leading to RCE.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Go (with CGO) on Darwin systems
No auth needed
Prerequisites: Darwin system · Go toolchain with CGO enabled · Presence of malicious.dylib in the build environment
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 6.4
EPSS 0.0076
EPSS Percentile 50.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (2)
Go toolchain/cmd/go < 1.21.10
Go toolchain/cmd/go 1.22.0-0 - 1.22.3
Published May 08, 2024
Tracked Since Feb 18, 2026