blob: 4fd51b6a90bc1eee6a3e3596732f629e1bde1e90 [file] [log] [blame]
module = "github.com/ulikunitz/xz"
description = """
An attacker can construct a series of bytes such that calling
[`Reader.Read`] on the bytes could cause an infinite loop.
"""
credit = "@0xdecaf"
symbols = ["readUvarint"]
published = "2021-04-14T12:00:00Z"
[[versions]]
fixed = "v0.5.8"
[links]
commit = "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b"
context = [
"https://github.com/ulikunitz/xz/issues/35",
"https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27"
]
[cve_metadata]
id = "CVE-9999-0004"
description = """
Integer overflow in github.com/ulikunitz/xz before v0.5.8 allows attackers
to cause denial of service via maliciously crafted input.
"""
cwe = "CWE-190: Integer Overflow or Wraparound"