CVE-2012-2666

Name: CVE-2012-2666
Creator: NVD / NIST
Published: 2021-07-09T11:15:07.75+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.93%

Last modified Jun 16, 2026

CVE-2012-2666 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.. EPSS estimates a 1.93% chance of exploitation in the next 30 days.

Description

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 3.0

/10

EPSS Probability

1.93%

77.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-377

Affected Software

Vendor	Product	Versions
Golang	Go	1.0.2

References

https://bugzilla.suse.com/show_bug.cgi?id=765455Issue Tracking, Patch, Third Party Advisory
https://codereview.appspot.com/5992078Exploit, Third Party Advisory
https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccddPatch, Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0009/Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=765455Issue Tracking, Patch, Third Party Advisory
https://codereview.appspot.com/5992078Exploit, Third Party Advisory
https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccddPatch, Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0009/Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666Third Party Advisory

Timeline

Published: Jul 9, 2021
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-2666?

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

How severe is CVE-2012-2666?

CVE-2012-2666 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.93% probability of exploitation in the next 30 days.

How do I fix CVE-2012-2666?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-2666?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST