CVE-2023-39325

high

Published 2023-10-16 · Modified 2023-10-17

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2

—

VIR risk

8.0

Description

Important: go-toolset and golang security and bug fix update

Predictions

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5738.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2228743

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6077.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5867.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5863.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5863

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5721.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2243296

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2242803

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5721

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5738

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:6077

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-39325

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-39325.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5863

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5721

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:6818

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6077

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5867

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5738

OS impact

OS	Version	Status
rhel	9	fixed
rocky	8	fixed
sles		affected
debian	bookworm	affected
debian	bullseye	affected
rocky	9	fixed

Package impact

Ecosystem	Package	Vulnerable	Fixed
Go	golang.org/x/net	`<0.17.0`	`0.17.0`
Go	stdlib	`>=1.21.0-0,<1.21.3`	`1.20.10`

References

Verify integrity in audit chain (admin only). AS-IS.