Executive Summary

Informations
NameCVE-2018-6574First vendor Publication2018-02-07
VendorCveLast vendor Modification2019-10-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score4.6Attack RangeLocal
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6574

CWE : Common Weakness Enumeration

%idName
100 %CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application91
Os1
Os1
Os1
Os1
Os1

Nessus® Vulnerability Scanner

DateDescription
2018-08-17Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-1_0-0117.nasl - Type : ACT_GATHER_INFO
2018-07-24Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-2_0-0026.nasl - Type : ACT_GATHER_INFO
2018-05-11Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1011.nasl - Type : ACT_GATHER_INFO
2018-04-27Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-0878.nasl - Type : ACT_GATHER_INFO
2018-03-27Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-975.nasl - Type : ACT_GATHER_INFO
2018-03-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201803-03.nasl - Type : ACT_GATHER_INFO
2018-02-28Name : The remote Fedora host is missing a security update.
File : fedora_2018-6f08b79a09.nasl - Type : ACT_GATHER_INFO
2018-02-21Name : The remote Fedora host is missing a security update.
File : fedora_2018-5562b6e2c0.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM https://github.com/golang/go/issues/23672
https://groups.google.com/forum/#!topic/golang-nuts/Gbhh1NxAjMU
https://groups.google.com/forum/#!topic/golang-nuts/sprOaQ5m3Dk
DEBIAN https://www.debian.org/security/2019/dsa-4380
MISC https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574
REDHAT https://access.redhat.com/errata/RHSA-2018:0878
https://access.redhat.com/errata/RHSA-2018:1304

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
DateInformations
2019-10-03 09:21:26
  • Multiple Updates
2019-03-01 21:19:05
  • Multiple Updates
2019-02-02 17:18:55
  • Multiple Updates
2018-08-14 00:19:37
  • Multiple Updates
2018-05-04 09:19:09
  • Multiple Updates
2018-04-12 09:18:56
  • Multiple Updates
2018-04-05 09:19:44
  • Multiple Updates
2018-03-13 21:19:47
  • Multiple Updates
2018-02-08 05:18:49
  • First insertion