data/reports/GO-2022-1083.yaml - vulndb - Git at Google

 id: GO-2022-1083
 modules:
     - module: github.com/free5gc/aper
       vulnerable_at: 1.0.4
       packages:
         - package: github.com/free5gc/aper
           symbols:
             - GetBitString
           derived_symbols:
             - GetBitsValue
             - Marshal
             - MarshalWithParams
             - Unmarshal
             - UnmarshalWithParams
 summary: Panic on malformed messages in github.com/free5gc/aper
 description: |-
     A malformed message can crash the free5gc/amf and free5gc/ngap decoders via an
     index-out-of-range panic in `aper.GetBitString`.
 cves:
     - CVE-2022-43677
 ghsas:
     - GHSA-59hj-62f5-fgmc
 credits:
     - '@fisherwky'
 references:
     - report: https://github.com/free5gc/free5gc/issues/402
	id: GO-2022-1083
	modules:
	- module: github.com/free5gc/aper
	vulnerable_at: 1.0.4
	packages:
	- package: github.com/free5gc/aper
	symbols:
	- GetBitString
	derived_symbols:
	- GetBitsValue
	- Marshal
	- MarshalWithParams
	- Unmarshal
	- UnmarshalWithParams
	summary: Panic on malformed messages in github.com/free5gc/aper
	description: \|-
	A malformed message can crash the free5gc/amf and free5gc/ngap decoders via an
	index-out-of-range panic in `aper.GetBitString`.
	cves:
	- CVE-2022-43677
	ghsas:
	- GHSA-59hj-62f5-fgmc
	credits:
	- '@fisherwky'
	references:
	- report: https://github.com/free5gc/free5gc/issues/402