reports/GO-2022-0503.yaml - vulndb - Git at Google

 packages:
   - module: github.com/ipld/go-car
     versions:
       - fixed: 0.4.0
     vulnerable_at: 0.3.3
   - module: github.com/ipld/go-car
     package: github.com/ipld/go-car/util
     versions:
       - fixed: 0.4.0
     vulnerable_at: 0.3.3
   - module: github.com/ipld/go-car/v2
     versions:
       - introduced: 2.0.0
         fixed: 2.4.0
     vulnerable_at: 2.3.0
   - module: github.com/ipld/go-car/v2
     package: github.com/ipld/go-car/v2/blockstore
     versions:
       - introduced: 2.0.0
         fixed: 2.4.0
     vulnerable_at: 2.3.0
   - module: github.com/ipld/go-car/v2
     package: github.com/ipld/go-car/v2/index
     versions:
       - introduced: 2.0.0
         fixed: 2.4.0
     vulnerable_at: 2.3.0
 description: |
     Decoding malformed CAR data can cause panics or excessive memory usage.
 ghsas:
   - GHSA-9x4h-8wgm-8xfg
 links:
     advisory: https://github.com/advisories/GHSA-9x4h-8wgm-8xfg
	packages:
	- module: github.com/ipld/go-car
	versions:
	- fixed: 0.4.0
	vulnerable_at: 0.3.3
	- module: github.com/ipld/go-car
	package: github.com/ipld/go-car/util
	versions:
	- fixed: 0.4.0
	vulnerable_at: 0.3.3
	- module: github.com/ipld/go-car/v2
	versions:
	- introduced: 2.0.0
	fixed: 2.4.0
	vulnerable_at: 2.3.0
	- module: github.com/ipld/go-car/v2
	package: github.com/ipld/go-car/v2/blockstore
	versions:
	- introduced: 2.0.0
	fixed: 2.4.0
	vulnerable_at: 2.3.0
	- module: github.com/ipld/go-car/v2
	package: github.com/ipld/go-car/v2/index
	versions:
	- introduced: 2.0.0
	fixed: 2.4.0
	vulnerable_at: 2.3.0
	description: \|
	Decoding malformed CAR data can cause panics or excessive memory usage.
	ghsas:
	- GHSA-9x4h-8wgm-8xfg
	links:
	advisory: https://github.com/advisories/GHSA-9x4h-8wgm-8xfg