data/reports/GO-2022-0346.yaml - vulndb - Git at Google

 modules:
   - module: github.com/quay/claircore
     versions:
       - fixed: 1.1.0
     vulnerable_at: 1.1.0-rc.0
     packages:
       - package: github.com/quay/claircore/rpm
         symbols:
           - Scanner.Scan
 summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     A maliciously crafted RPM file can cause the Scanner.Scan function to
     write files with arbitrary contents to arbitrary locations on the local
     filestem.
 published: 2022-07-15T23:30:27Z
 cves:
   - CVE-2021-3762
 ghsas:
   - GHSA-mq47-6wwv-v79w
 references:
   - fix: https://github.com/quay/claircore/pull/478
   - fix: https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821
	modules:
	- module: github.com/quay/claircore
	versions:
	- fixed: 1.1.0
	vulnerable_at: 1.1.0-rc.0
	packages:
	- package: github.com/quay/claircore/rpm
	symbols:
	- Scanner.Scan
	summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
	description: \|
	A maliciously crafted RPM file can cause the Scanner.Scan function to
	write files with arbitrary contents to arbitrary locations on the local
	filestem.
	published: 2022-07-15T23:30:27Z
	cves:
	- CVE-2021-3762
	ghsas:
	- GHSA-mq47-6wwv-v79w
	references:
	- fix: https://github.com/quay/claircore/pull/478
	- fix: https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821