Bug 2434433 (CVE-2025-61731)

Summary: CVE-2025-61731 cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: caswilli, crizzo, dfreiber, drow, fdeutsch, jburrell, kaycoth, ljawale, luizcosta, nweather, oramraz, rbobbitt, rhel-process-autobot, smullick, stirabos, teagle, thason, vkumar, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2463455, 2463456    
Bug Blocks:    

Description OSIDB Bzimport 2026-01-28 20:02:08 UTC
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.

Comment 5 errata-xmlrpc 2026-03-26 13:36:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:5941 https://access.redhat.com/errata/RHSA-2026:5941

Comment 6 errata-xmlrpc 2026-03-26 13:44:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:5943 https://access.redhat.com/errata/RHSA-2026:5943

Comment 7 errata-xmlrpc 2026-03-26 13:48:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:5942 https://access.redhat.com/errata/RHSA-2026:5942

Comment 8 errata-xmlrpc 2026-03-26 14:00:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:5944 https://access.redhat.com/errata/RHSA-2026:5944

Comment 9 errata-xmlrpc 2026-04-08 00:29:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:6949 https://access.redhat.com/errata/RHSA-2026:6949

Comment 10 errata-xmlrpc 2026-04-13 09:51:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:7833 https://access.redhat.com/errata/RHSA-2026:7833

Comment 11 errata-xmlrpc 2026-04-13 10:19:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:7834 https://access.redhat.com/errata/RHSA-2026:7834

Comment 12 errata-xmlrpc 2026-04-13 16:19:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:7878 https://access.redhat.com/errata/RHSA-2026:7878

Comment 13 errata-xmlrpc 2026-04-13 16:24:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:7879 https://access.redhat.com/errata/RHSA-2026:7879

Comment 14 errata-xmlrpc 2026-04-13 16:26:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:7877 https://access.redhat.com/errata/RHSA-2026:7877

Comment 15 errata-xmlrpc 2026-04-13 16:27:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:7876 https://access.redhat.com/errata/RHSA-2026:7876

Comment 16 errata-xmlrpc 2026-04-13 17:41:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:7883 https://access.redhat.com/errata/RHSA-2026:7883