{"id":"CVE-2016-3958","details":"Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.","aliases":["GO-2021-0163"],"modified":"2026-04-10T03:51:14.322881Z","published":"2016-05-23T19:59:03.353Z","references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/golang-announce/9eqIHqaWvck"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/04/05/1"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/04/05/2"},{"type":"ADVISORY","url":"https://github.com/golang/go/issues/14959"},{"type":"ADVISORY","url":"https://go-review.googlesource.com/#/c/21428/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/golang/go","events":[{"introduced":"bb03defe933c89fee44be675d7aa0fbd893ced30"},{"fixed":"a1ef950a15517bca223d079a6cf65948c3db9694"},{"introduced":"7bc40ffb05d8813bf9b41a331b45d37216f9e747"},{"fixed":"f5cf5673590a68c55b2330df9dfcdd6fac75b893"},{"introduced":"0"},{"last_affected":"7bc40ffb05d8813bf9b41a331b45d37216f9e747"}],"database_specific":{"versions":[{"introduced":"1.5"},{"fixed":"1.5.4"},{"introduced":"1.6"},{"fixed":"1.6.1"},{"introduced":"0"},{"last_affected":"1.6"}]}}],"versions":["go1.5","go1.5.1","go1.5.2","go1.5.3","go1.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3958.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}