Security Data / SECDATA-9

GCC affected packages in Go vuln

    • Type: Story
    • Resolution: Done
    • Priority: Normal
    • oval

We are wondering about CVE-2020-24553 in the "rhel-7-including-unpatched" stream (`definition_id = oval:com.redhat.cve:def:202024553`):

This seems to be a Go vulnerability, but we aren't able to understand why GCC toolchain packages that seem unrelated to Go are marked as affected by it. We understand that `gcc-go` would probably be affected, but we can't see why packages like gcc-plugin-devel, gcc-c++, etc. are relevant.

Is it possible that, for example, `gcc-c++` installs Go-related components?

Alternatively, if these packages are not affected by this vulnerability, is that the reason they are listed under the "Will not fix" section? (Our first understanding of this section was that it lists low-severity affected packages.)

mprpic@redhat.com Martin Prpic
hadas.bloom@snyk.io Hadas Bloom (Inactive)