CVE-2016-3958

EPSS 0.15%

Privilege escalation on Windows via malicious DLL in syscall

Published: 1/5/2022Modified: 5/20/2024

Description

Untrusted search path vulnerability on Windows related to LoadLibrary allows local users to gain privileges via a malicious DLL in the current working directory.

Affected packages (1)

Go/stdlibfrom 0, < 1.5.4, >= 1.6.0-0, < 1.6.1

References (4)

PATCHhttps://go.dev/cl/21428
PATCHhttps://go.googlesource.com/go/+/6a0bb87bd0bf0fdf8ddbd35f77a75ebd412f61b0
REPORThttps://go.dev/issue/14959
WEBhttps://groups.google.com/g/golang-announce/c/9eqIHqaWvck