packages:
  - module: github.com/cloudflare/cfrpki
    package: github.com/cloudflare/cfrpki/sync/lib
    symbols:
      - HTTPFetcher.GetXML
    versions:
      - fixed: 1.4.0
    vulnerable_at: 1.3.0
description: |
    The HTTPFetcher.GetXML function reads a response of unlimited size into
    memory, permitting resource exhaustion.
cves:
- CVE-2021-3912
ghsas:
- GHSA-g9wh-3vrx-r7hg
credit: Koen van Hove
links:
    commit: https://github.com/cloudflare/cfrpki/commit/648658b1b176a747b52645989cfddc73a81eacad