CVE-2024-24787-PoC

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

This is not my bug, I just made a PoC for it.

Reference

https://pkg.go.dev/vuln/GO-2024-2825

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
go.mod		go.mod
malicious.dylib		malicious.dylib
malicious.m		malicious.m
poc.go		poc.go
result.png		result.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-24787-PoC

Reference

About

Releases

Packages

Languages

LOURC0D3/CVE-2024-24787-PoC

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-24787-PoC

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages