CVE-2016-3958

7.8 HIGH

Published: May 23, 2016 Modified: May 06, 2026

Description

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/04/05/1

Source: cve@mitre.org

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/04/05/2

Source: cve@mitre.org

Mailing List Third Party Advisory

https://github.com/golang/go/issues/14959

Source: cve@mitre.org

Third Party Advisory

https://go-review.googlesource.com/#/c/21428/

Source: cve@mitre.org

Vendor Advisory

https://groups.google.com/forum/#%21topic/golang-announce/9eqIHqaWvck

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/04/05/1