| module: github.com/ulikunitz/xz |
| versions: |
| - fixed: v0.5.8 |
| description: | |
| An attacker can construct a series of bytes such that calling |
| [`Reader.Read`] on the bytes could cause an infinite loop. If |
| parsing user supplied input, this may be used as a denial of |
| service vector. |
| published: 2021-04-14T12:00:00Z |
| credit: "@0xdecaf" |
| cve: CVE-2021-29482 |
| symbols: |
| - readUvarint |
| links: |
| commit: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b |
| context: |
| - https://github.com/ulikunitz/xz/issues/35 |
| - https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27 |