CVE-2016-3958

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
golanggo
1.5 ≤
𝑥
< 1.5.4
golanggo
1.6 ≤
𝑥
< 1.6.1
golanggo
1.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang
wily
not-affected
trusty
dne
precise
not-affected
golang-1.6
wily
dne
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/04/05/1
http://www.openwall.com/lists/oss-security/2016/04/05/2
https://github.com/golang/go/issues/14959
https://go-review.googlesource.com/#/c/21428/
https://groups.google.com/forum/#%21topic/golang-announce/9eqIHqaWvck
http://www.openwall.com/lists/oss-security/2016/04/05/1
http://www.openwall.com/lists/oss-security/2016/04/05/2
https://github.com/golang/go/issues/14959
https://go-review.googlesource.com/#/c/21428/
https://groups.google.com/forum/#%21topic/golang-announce/9eqIHqaWvck