data/reports/GO-2022-0422.yaml - vulndb - Git at Google

 id: GO-2022-0422
 modules:
     - module: github.com/ipld/go-codec-dagpb
       versions:
         - fixed: 1.3.1
       vulnerable_at: 1.3.0
       packages:
         - package: github.com/ipld/go-codec-dagpb
           symbols:
             - DecodeBytes
           derived_symbols:
             - Decode
             - Decoder
             - Unmarshal
 summary: Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb
 description: The dag-pb codec can panic when decoding invalid blocks.
 published: 2022-07-01T20:08:04Z
 ghsas:
     - GHSA-967g-cjx4-h7j6
     - GHSA-g3vv-g2j5-45f2
 references:
     - fix: https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57
 cve_metadata:
     id: CVE-2022-2584
     cwe: 'CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer'
	id: GO-2022-0422
	modules:
	- module: github.com/ipld/go-codec-dagpb
	versions:
	- fixed: 1.3.1
	vulnerable_at: 1.3.0
	packages:
	- package: github.com/ipld/go-codec-dagpb
	symbols:
	- DecodeBytes
	derived_symbols:
	- Decode
	- Decoder
	- Unmarshal
	summary: Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb
	description: The dag-pb codec can panic when decoding invalid blocks.
	published: 2022-07-01T20:08:04Z
	ghsas:
	- GHSA-967g-cjx4-h7j6
	- GHSA-g3vv-g2j5-45f2
	references:
	- fix: https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57
	cve_metadata:
	id: CVE-2022-2584
	cwe: 'CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer'