{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T04:57:52.792","vulnerabilities":[{"cve":{"id":"CVE-2023-39323","sourceIdentifier":"security@golang.org","published":"2023-10-05T21:15:11.283","lastModified":"2025-06-12T16:15:20.520","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex."},{"lang":"es","value":"Las directivas de línea (\"//line\") se pueden utilizar para evitar las restricciones de las directivas \"//go:cgo_\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilación. Esto puede provocar la ejecución inesperada de código arbitrario al ejecutar \"go build\". La directiva de línea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente más complejo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.20.9","matchCriteriaId":"84851C3D-3035-457E-96D9-48E219817D58"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.21.0","versionEndExcluding":"1.21.2","matchCriteriaId":"7381A279-81EB-48D9-8065-C733FA8736B8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"https://go.dev/cl/533215","source":"security@golang.org","tags":["Patch"]},{"url":"https://go.dev/issue/63211","source":"security@golang.org","tags":["Issue Tracking","Patch"]},{"url":"https://groups.google.com/g/golang-announce/c/XBa1oHDevAo","source":"security@golang.org","tags":["Mailing List","Release Notes"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/","source":"security@golang.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/","source":"security@golang.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/","source":"security@golang.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://pkg.go.dev/vuln/GO-2023-2095","source":"security@golang.org","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202311-09","source":"security@golang.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231020-0001/","source":"security@golang.org","tags":["Third Party Advisory"]},{"url":"https://go.dev/cl/533215","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://go.dev/issue/63211","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://groups.google.com/g/golang-announce/c/XBa1oHDevAo","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://pkg.go.dev/vuln/GO-2023-2095","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202311-09","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231020-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}