data/reports: add GO-2024-2606.yaml
Aliases: CVE-2024-27304, GHSA-mrww-27vc-gghv
Fixes golang/vulndb#2606
Change-Id: I2f2b432fc01d0d7bbad8b1103b7870ec184fceaf
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/570718
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2024-2606.json b/data/osv/GO-2024-2606.json
new file mode 100644
index 0000000..53c46ff
--- /dev/null
+++ b/data/osv/GO-2024-2606.json
@@ -0,0 +1,311 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-2606",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-27304",
+ "GHSA-mrww-27vc-gghv",
+ "GHSA-7jwh-3vrq-q3m8"
+ ],
+ "summary": "SQL injection in github.com/jackc/pgproto3 and github.com/jackc/pgx",
+ "details": "An integer overflow in the calculated message size of a query or bind message could allow a single large message to be sent as multiple messages under the attacker's control. This could lead to SQL injection if an attacker can cause a single query or bind message to exceed 4 GB in size.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/jackc/pgproto3/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.3.3"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/jackc/pgproto3/v2",
+ "symbols": [
+ "AuthenticationCleartextPassword.Encode",
+ "AuthenticationGSS.Encode",
+ "AuthenticationGSSContinue.Encode",
+ "AuthenticationMD5Password.Encode",
+ "AuthenticationOk.Encode",
+ "AuthenticationSASL.Encode",
+ "AuthenticationSASLContinue.Encode",
+ "AuthenticationSASLFinal.Encode",
+ "Backend.Send",
+ "BackendKeyData.Encode",
+ "Bind.Encode",
+ "BindComplete.Encode",
+ "CancelRequest.Encode",
+ "Close.Encode",
+ "CloseComplete.Encode",
+ "CommandComplete.Encode",
+ "CopyBothResponse.Encode",
+ "CopyData.Encode",
+ "CopyDone.Encode",
+ "CopyFail.Encode",
+ "CopyInResponse.Encode",
+ "CopyOutResponse.Encode",
+ "DataRow.Encode",
+ "Describe.Encode",
+ "EmptyQueryResponse.Encode",
+ "ErrorResponse.Encode",
+ "ErrorResponse.marshalBinary",
+ "Execute.Encode",
+ "Flush.Encode",
+ "Frontend.Send",
+ "FunctionCall.Encode",
+ "FunctionCallResponse.Encode",
+ "GSSEncRequest.Encode",
+ "GSSResponse.Encode",
+ "NoData.Encode",
+ "NoticeResponse.Encode",
+ "NotificationResponse.Encode",
+ "ParameterDescription.Encode",
+ "ParameterStatus.Encode",
+ "Parse.Encode",
+ "ParseComplete.Encode",
+ "PasswordMessage.Encode",
+ "PortalSuspended.Encode",
+ "Query.Encode",
+ "ReadyForQuery.Encode",
+ "RowDescription.Encode",
+ "SASLInitialResponse.Encode",
+ "SASLResponse.Encode",
+ "SSLRequest.Encode",
+ "StartupMessage.Encode",
+ "Sync.Encode",
+ "Terminate.Encode"
+ ]
+ },
+ {
+ "path": "github.com/jackc/pgproto3/v2/example/pgfortune",
+ "symbols": [
+ "PgFortuneBackend.Run",
+ "PgFortuneBackend.handleStartup",
+ "main"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "package": {
+ "name": "github.com/jackc/pgx/v4",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.18.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/jackc/pgx/v4/internal/sanitize",
+ "symbols": [
+ "Query.Sanitize",
+ "SanitizeSQL"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "package": {
+ "name": "github.com/jackc/pgx/v5",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "5.0.0"
+ },
+ {
+ "fixed": "5.5.4"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/jackc/pgx/v5/internal/sanitize",
+ "symbols": [
+ "Query.Sanitize",
+ "SanitizeSQL"
+ ]
+ },
+ {
+ "path": "github.com/jackc/pgx/v5/pgproto3",
+ "symbols": [
+ "AuthenticationCleartextPassword.Encode",
+ "AuthenticationGSS.Encode",
+ "AuthenticationGSSContinue.Encode",
+ "AuthenticationMD5Password.Encode",
+ "AuthenticationOk.Encode",
+ "AuthenticationSASL.Encode",
+ "AuthenticationSASLContinue.Encode",
+ "AuthenticationSASLFinal.Encode",
+ "Backend.Flush",
+ "Backend.Send",
+ "BackendKeyData.Encode",
+ "Bind.Encode",
+ "BindComplete.Encode",
+ "CancelRequest.Encode",
+ "Close.Encode",
+ "CloseComplete.Encode",
+ "CommandComplete.Encode",
+ "CopyBothResponse.Encode",
+ "CopyData.Encode",
+ "CopyDone.Encode",
+ "CopyFail.Encode",
+ "CopyInResponse.Encode",
+ "CopyOutResponse.Encode",
+ "DataRow.Encode",
+ "Describe.Encode",
+ "EmptyQueryResponse.Encode",
+ "ErrorResponse.Encode",
+ "ErrorResponse.marshalBinary",
+ "Execute.Encode",
+ "Flush.Encode",
+ "Frontend.Flush",
+ "Frontend.Send",
+ "Frontend.SendBind",
+ "Frontend.SendClose",
+ "Frontend.SendDescribe",
+ "Frontend.SendExecute",
+ "Frontend.SendParse",
+ "Frontend.SendQuery",
+ "Frontend.SendSync",
+ "Frontend.SendUnbufferedEncodedCopyData",
+ "FunctionCall.Encode",
+ "FunctionCallResponse.Encode",
+ "GSSEncRequest.Encode",
+ "GSSResponse.Encode",
+ "NoData.Encode",
+ "NoticeResponse.Encode",
+ "NotificationResponse.Encode",
+ "ParameterDescription.Encode",
+ "ParameterStatus.Encode",
+ "Parse.Encode",
+ "ParseComplete.Encode",
+ "PasswordMessage.Encode",
+ "PortalSuspended.Encode",
+ "Query.Encode",
+ "ReadyForQuery.Encode",
+ "RowDescription.Encode",
+ "SASLInitialResponse.Encode",
+ "SASLResponse.Encode",
+ "SSLRequest.Encode",
+ "StartupMessage.Encode",
+ "Sync.Encode",
+ "Terminate.Encode"
+ ]
+ },
+ {
+ "path": "github.com/jackc/pgx/v5/pgconn",
+ "symbols": [
+ "Batch.ExecParams",
+ "Batch.ExecPrepared",
+ "Connect",
+ "ConnectConfig",
+ "ConnectWithOptions",
+ "MultiResultReader.Close",
+ "MultiResultReader.NextResult",
+ "MultiResultReader.ReadAll",
+ "PgConn.CheckConn",
+ "PgConn.Close",
+ "PgConn.CopyFrom",
+ "PgConn.CopyTo",
+ "PgConn.Deallocate",
+ "PgConn.Exec",
+ "PgConn.ExecBatch",
+ "PgConn.ExecParams",
+ "PgConn.ExecPrepared",
+ "PgConn.Ping",
+ "PgConn.Prepare",
+ "PgConn.ReceiveMessage",
+ "PgConn.SyncConn",
+ "PgConn.WaitForNotification",
+ "Pipeline.Close",
+ "Pipeline.Flush",
+ "Pipeline.GetResults",
+ "Pipeline.SendDeallocate",
+ "Pipeline.SendPrepare",
+ "Pipeline.SendQueryParams",
+ "Pipeline.SendQueryPrepared",
+ "Pipeline.Sync",
+ "ResultReader.Close",
+ "ResultReader.NextRow",
+ "ResultReader.Read",
+ "ValidateConnectTargetSessionAttrsPreferStandby",
+ "ValidateConnectTargetSessionAttrsPrimary",
+ "ValidateConnectTargetSessionAttrsReadOnly",
+ "ValidateConnectTargetSessionAttrsReadWrite",
+ "ValidateConnectTargetSessionAttrsStandby"
+ ]
+ },
+ {
+ "path": "github.com/jackc/pgx/v5/pgproto3/example/pgfortune",
+ "symbols": [
+ "PgFortuneBackend.Run",
+ "PgFortuneBackend.handleStartup",
+ "main"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
+ }
+ ],
+ "credits": [
+ {
+ "name": "paul-gerste-sonarsource"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2606"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2024-2606.yaml b/data/reports/GO-2024-2606.yaml
new file mode 100644
index 0000000..25baff9
--- /dev/null
+++ b/data/reports/GO-2024-2606.yaml
@@ -0,0 +1,226 @@
+id: GO-2024-2606
+modules:
+ - module: github.com/jackc/pgproto3/v2
+ versions:
+ - fixed: 2.3.3
+ vulnerable_at: 2.3.2
+ packages:
+ - package: github.com/jackc/pgproto3/v2
+ symbols:
+ - CloseComplete.Encode
+ - AuthenticationSASLFinal.Encode
+ - Terminate.Encode
+ - NotificationResponse.Encode
+ - AuthenticationGSSContinue.Encode
+ - DataRow.Encode
+ - CopyInResponse.Encode
+ - FunctionCall.Encode
+ - BackendKeyData.Encode
+ - Query.Encode
+ - CancelRequest.Encode
+ - ParameterStatus.Encode
+ - BindComplete.Encode
+ - CopyBothResponse.Encode
+ - CopyData.Encode
+ - CopyOutResponse.Encode
+ - AuthenticationGSS.Encode
+ - Parse.Encode
+ - PasswordMessage.Encode
+ - AuthenticationCleartextPassword.Encode
+ - ErrorResponse.Encode
+ - SASLInitialResponse.Encode
+ - Execute.Encode
+ - FunctionCallResponse.Encode
+ - ReadyForQuery.Encode
+ - AuthenticationOk.Encode
+ - SSLRequest.Encode
+ - CopyDone.Encode
+ - AuthenticationMD5Password.Encode
+ - ParseComplete.Encode
+ - EmptyQueryResponse.Encode
+ - CommandComplete.Encode
+ - AuthenticationSASL.Encode
+ - NoData.Encode
+ - Flush.Encode
+ - GSSEncRequest.Encode
+ - StartupMessage.Encode
+ - Backend.Send
+ - GSSResponse.Encode
+ - CopyFail.Encode
+ - Bind.Encode
+ - AuthenticationSASLContinue.Encode
+ - NoticeResponse.Encode
+ - SASLResponse.Encode
+ - Frontend.Send
+ - Sync.Encode
+ - ErrorResponse.marshalBinary
+ - RowDescription.Encode
+ - Close.Encode
+ - ParameterDescription.Encode
+ - PortalSuspended.Encode
+ - Describe.Encode
+ - package: github.com/jackc/pgproto3/v2/example/pgfortune
+ symbols:
+ - PgFortuneBackend.handleStartup
+ - PgFortuneBackend.Run
+ derived_symbols:
+ - main
+ fix_links:
+ - https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
+ - module: github.com/jackc/pgx/v4
+ versions:
+ - fixed: 4.18.2
+ vulnerable_at: 4.18.1
+ packages:
+ - package: github.com/jackc/pgx/v4/internal/sanitize
+ symbols:
+ - Query.Sanitize
+ derived_symbols:
+ - SanitizeSQL
+ fix_links:
+ - https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df,
+ - module: github.com/jackc/pgx/v5
+ versions:
+ - introduced: 5.0.0
+ fixed: 5.5.4
+ vulnerable_at: 5.5.3
+ packages:
+ - package: github.com/jackc/pgx/v5/internal/sanitize
+ symbols:
+ - Query.Sanitize
+ derived_symbols:
+ - SanitizeSQL
+ - package: github.com/jackc/pgx/v5/pgproto3
+ symbols:
+ - Frontend.SendSync
+ - Backend.Flush
+ - Frontend.SendDescribe
+ - Parse.Encode
+ - CopyBothResponse.Encode
+ - CopyOutResponse.Encode
+ - GSSResponse.Encode
+ - DataRow.Encode
+ - EmptyQueryResponse.Encode
+ - PortalSuspended.Encode
+ - Close.Encode
+ - SASLInitialResponse.Encode
+ - ReadyForQuery.Encode
+ - Query.Encode
+ - CopyFail.Encode
+ - ParameterDescription.Encode
+ - NoData.Encode
+ - SSLRequest.Encode
+ - AuthenticationMD5Password.Encode
+ - Flush.Encode
+ - StartupMessage.Encode
+ - Frontend.SendParse
+ - CloseComplete.Encode
+ - Backend.Send
+ - CopyInResponse.Encode
+ - GSSEncRequest.Encode
+ - Frontend.Send
+ - Describe.Encode
+ - AuthenticationOk.Encode
+ - FunctionCallResponse.Encode
+ - Bind.Encode
+ - Frontend.SendClose
+ - Terminate.Encode
+ - Frontend.SendExecute
+ - Sync.Encode
+ - Execute.Encode
+ - AuthenticationGSSContinue.Encode
+ - FunctionCall.Encode
+ - CancelRequest.Encode
+ - AuthenticationSASLFinal.Encode
+ - BackendKeyData.Encode
+ - Frontend.Flush
+ - NoticeResponse.Encode
+ - AuthenticationSASL.Encode
+ - Frontend.SendBind
+ - AuthenticationSASLContinue.Encode
+ - BindComplete.Encode
+ - PasswordMessage.Encode
+ - NotificationResponse.Encode
+ - ErrorResponse.Encode
+ - CopyData.Encode
+ - ErrorResponse.marshalBinary
+ - Frontend.SendQuery
+ - ParameterStatus.Encode
+ - AuthenticationCleartextPassword.Encode
+ - AuthenticationGSS.Encode
+ - RowDescription.Encode
+ - CopyDone.Encode
+ - CommandComplete.Encode
+ - SASLResponse.Encode
+ - ParseComplete.Encode
+ derived_symbols:
+ - Frontend.SendUnbufferedEncodedCopyData
+ - package: github.com/jackc/pgx/v5/pgconn
+ symbols:
+ - Batch.ExecParams
+ - PgConn.ExecBatch
+ - Batch.ExecPrepared
+ derived_symbols:
+ - Connect
+ - ConnectConfig
+ - ConnectWithOptions
+ - MultiResultReader.Close
+ - MultiResultReader.NextResult
+ - MultiResultReader.ReadAll
+ - PgConn.CheckConn
+ - PgConn.Close
+ - PgConn.CopyFrom
+ - PgConn.CopyTo
+ - PgConn.Deallocate
+ - PgConn.Exec
+ - PgConn.ExecParams
+ - PgConn.ExecPrepared
+ - PgConn.Ping
+ - PgConn.Prepare
+ - PgConn.ReceiveMessage
+ - PgConn.SyncConn
+ - PgConn.WaitForNotification
+ - Pipeline.Close
+ - Pipeline.Flush
+ - Pipeline.GetResults
+ - Pipeline.SendDeallocate
+ - Pipeline.SendPrepare
+ - Pipeline.SendQueryParams
+ - Pipeline.SendQueryPrepared
+ - Pipeline.Sync
+ - ResultReader.Close
+ - ResultReader.NextRow
+ - ResultReader.Read
+ - ValidateConnectTargetSessionAttrsPreferStandby
+ - ValidateConnectTargetSessionAttrsPrimary
+ - ValidateConnectTargetSessionAttrsReadOnly
+ - ValidateConnectTargetSessionAttrsReadWrite
+ - ValidateConnectTargetSessionAttrsStandby
+ - package: github.com/jackc/pgx/v5/pgproto3/example/pgfortune
+ symbols:
+ - PgFortuneBackend.handleStartup
+ - PgFortuneBackend.Run
+ derived_symbols:
+ - main
+ fix_links:
+ - https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
+ - https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4
+summary: SQL injection in github.com/jackc/pgproto3 and github.com/jackc/pgx
+description: |-
+ An integer overflow in the calculated message size of a query or bind message
+ could allow a single large message to be sent as multiple messages under the
+ attacker's control. This could lead to SQL injection if an attacker can cause a
+ single query or bind message to exceed 4 GB in size.
+cves:
+ - CVE-2024-27304
+ghsas:
+ - GHSA-mrww-27vc-gghv
+ - GHSA-7jwh-3vrq-q3m8
+credits:
+ - paul-gerste-sonarsource
+references:
+ - advisory: https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
+ - fix: https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
+ - fix: https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4
+ - fix: https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
+ - fix: https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
