PT-2024-20560 · Go+2

Juho Forsén · Published 2023-12-12 · Updated 2025-09-29 · CVE-2024-24787

CVSS v3.1: 6.4 (Medium)

Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21.10 and 1.22.3

Description: The issue allows for arbitrary code execution when building a Go module that contains CGO on Darwin, due to the usage of the -lto library flag in a "#cgo LDFLAGS" directive with the Apple version of ld.

Recommendations: For Go versions prior to 1.21.10, upgrade to version 1.21.10 or later to patch the vulnerability. For Go versions prior to 1.22.3, upgrade to version 1.22.3 or later to patch the vulnerability. As a temporary workaround, consider avoiding the use of the -lto library flag in the "#cgo LDFLAGS" directive until a patch is applied.
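
An added example, not part of the advisory or of the Go project's code: a small audit for the workaround above that scans Go source text for "#cgo LDFLAGS" directives carrying the flag, so a module can be checked before it is built on Darwin with an unpatched toolchain. It assumes the advisory's "-lto library flag" is Apple ld's `-lto_library` option; `ScanCgoLDFLAGS`, `Finding` and the sample preamble are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding is one "#cgo LDFLAGS" directive that carries the flagged option.
type Finding struct {
	Line      int
	Directive string
}

// flagged is Apple ld's -lto_library option (assumption: the flag the advisory means).
const flagged = "-lto_library"

// ScanCgoLDFLAGS reports every "#cgo ... LDFLAGS:" line in src whose flag list
// contains the option, bare or wrapped as -Wl,-lto_library,<path>.
func ScanCgoLDFLAGS(src string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		// Directives sit in the comment above `import "C"`: strip comment markers.
		line := strings.TrimSpace(strings.TrimLeft(sc.Text(), " \t/*"))
		name, flags, ok := strings.Cut(line, ":")
		if !ok || !strings.HasPrefix(name, "#cgo") || !strings.HasSuffix(strings.TrimSpace(name), "LDFLAGS") {
			continue
		}
		if strings.Contains(flags, flagged) {
			out = append(out, Finding{Line: n, Directive: line})
		}
	}
	return out
}

// sample is a constructed cgo preamble, not taken from any real module.
const sample = `package demo

// #cgo CFLAGS: -O2
// #cgo darwin LDFLAGS: -lfoo -lto_library /tmp/example.dylib
// #cgo linux LDFLAGS: -lfoo
import "C"
`

func main() {
	for _, f := range ScanCgoLDFLAGS(sample) {
		fmt.Printf("line %d: %s\n", f.Line, f.Directive)
	}
}
```

The scan is line-based and deliberately conservative: it also reports directives in comments that the go command would not treat as a cgo preamble.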


Related Identifiers

ALSA-2023_7762
ALSA-2023_7763
ALSA-2023_7764
ALSA-2023_7765
ALSA-2023_7766
ALSA-2024_0121
ALSA-2024_0887
ALSA-2024_1131
ALSA-2024_1149
ALSA-2024_1962
ALSA-2024_1963
ALSA-2024_2079
ALSA-2024_2160
ALSA-2024_2193
ALSA-2024_2245
ALSA-2024_2272
ALSA-2024_2562
ALSA-2024_2699
ALSA-2024_2724
ALSA-2024_3259
ALSA-2024_3346
ALSA-2024_3830
ALSA-2024_3831
ALSA-2024_4212
ALSA-2024_4237
ALSA-2024_5291
ALSA-2024_6186
ALSA-2024_6187
ALSA-2024_6188
ALSA-2024_6189
ALSA-2024_6195
ALSA-2024_6908
ALSA-2024_6913
ALSA-2024_6946
ALSA-2024_6947
ALSA-2024_6969
ALSA-2024_7135
ALSA-2024_7136
ALSA-2024_7204
ALSA-2024_7262
ALSA-2024_7349
ALSA-2024_8038
ALSA-2024_8039
ALSA-2024_8110
ALSA-2024_8111
ALSA-2024_8112
ALSA-2024_9089
ALSA-2024_9097
ALSA-2024_9098
ALSA-2024_9115
ALSA-2024_9135
ALSA-2024_9200
ALSA-2024_9277
ALSA-2024_9454
ALSA-2024_9456
ALSA-2024_9459
ALSA-2024_9472
ALSA-2025_16880
ALSA-2025_3772
ALSA-2025_3773
ALSA-2025_7118
ALSA-2025_7256
ALT-PU-2024-11781
ALT-PU-2024-11872
ALT-PU-2024-13971
ALT-PU-2024-16593
ALT-PU-2024-16754
ALT-PU-2024-7548
ALT-PU-2024-7550
ALT-PU-2024-7585
AZL-40428
AZL-79058
BIT-GOLANG-2024-24787
CVE-2024-24787
GO-2024-2825
OPENSUSE-SU-2024:13936-1
OPENSUSE-SU-2024:13941-1
OPENSUSE-SU-2024_1587-1
OPENSUSE-SU-2024_1588-1
OPENSUSE-SU-2024_3089-1
OPENSUSE-SU-2024_3755-1
SUSE-SU-2024:1573-1
SUSE-SU-2024:1574-1
SUSE-SU-2024:1587-1
SUSE-SU-2024:1588-1
SUSE-SU-2024:3089-1
SUSE-SU-2024:3755-1
SUSE-SU-2024:3772-1
SUSE-SU-2024:3938-1
SUSE-SU-2024_1573-1
SUSE-SU-2024_1574-1
SUSE-SU-2024_1587-1
SUSE-SU-2024_1588-1
SUSE-SU-2024_3089-1
SUSE-SU-2024_3755-1
SUSE-SU-2024_3772-1
SUSE-SU-2024_3938-1

Affected Products

Alt Linux
Go
Suse