logo

Database

External control of file name or path In stdlib

Description

DLL injection on Windows in runtime and syscall Go on Windows misused certain LoadLibrary functionality, leading to DLL injection.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-96342. NVD-2019-96343. OSV-GO-2022-02204. OSV-2019-96345. GCVE-2019-9634

References

1. https://go.dev/cl/1657982. https://go.googlesource.com/go/+/9b6e9f0c8c66355c0f0575d808b32f52c8c6d21c3. https://go.dev/issue/289784. https://groups.google.com/g/golang-announce/c/z9eTD34GEIs/m/Z_XmhTrVAwAJ

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.