data/reports: run vulncheck fix on 0009, 0019, and 1083.
Change-Id: Ic5448c39a22b488eba8d306b1021b1d1f9cb25db
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463111
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2020-0009.json b/data/osv/GO-2020-0009.json
index dd07599..cb74661 100644
--- a/data/osv/GO-2020-0009.json
+++ b/data/osv/GO-2020-0009.json
@@ -70,7 +70,9 @@
"sparc"
],
"symbols": [
- "JsonWebEncryption.Decrypt"
+ "JsonWebEncryption.Decrypt",
+ "genericEncrypter.Encrypt",
+ "genericEncrypter.EncryptWithAuthData"
]
}
]
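Review bot: The "symbols" array here now mixes the root symbol JsonWebEncryption.Decrypt with the two genericEncrypter methods that data/reports/GO-2020-0009.yaml keeps apart under derived_symbols. A consumer reading only the OSV record can no longer tell which entry is the vulnerable function and which were computed from the call graph. If this flattening is what the generator is meant to emit, no change is needed. Otherwise please confirm this file was regenerated from the YAML and not edited by hand, since the two have to stay in sync.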
diff --git a/data/osv/GO-2020-0019.json b/data/osv/GO-2020-0019.json
index 9bf0787..04a811a 100644
--- a/data/osv/GO-2020-0019.json
+++ b/data/osv/GO-2020-0019.json
@@ -62,6 +62,7 @@
"messageWriter.ReadFrom",
"messageWriter.Write",
"messageWriter.WriteString",
+ "netDialerFunc.Dial",
"proxy_direct.Dial",
"proxy_envOnce.Get",
"proxy_socks5.Dial",
diff --git a/data/osv/GO-2022-1083.json b/data/osv/GO-2022-1083.json
index d9cbbb5..6a973f3 100644
--- a/data/osv/GO-2022-1083.json
+++ b/data/osv/GO-2022-1083.json
@@ -31,7 +31,12 @@
{
"path": "github.com/free5gc/aper",
"symbols": [
- "GetBitString"
+ "GetBitString",
+ "GetBitsValue",
+ "Marshal",
+ "MarshalWithParams",
+ "Unmarshal",
+ "UnmarshalWithParams"
]
}
]
diff --git a/data/reports/GO-2020-0009.yaml b/data/reports/GO-2020-0009.yaml
index 0058664..43caad2 100644
--- a/data/reports/GO-2020-0009.yaml
+++ b/data/reports/GO-2020-0009.yaml
@@ -39,6 +39,9 @@
- sparc
symbols:
- JsonWebEncryption.Decrypt
+ derived_symbols:
+ - genericEncrypter.Encrypt
+ - genericEncrypter.EncryptWithAuthData
description: |
On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC
with HMAC such that they can control how large the input buffer is when computing
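Review bot: Both added derived_symbols (genericEncrypter.Encrypt, genericEncrypter.EncryptWithAuthData) are encryption entry points, while the description directly below is about an attacker manipulating a ciphertext, which is the decryption side already covered by JsonWebEncryption.Decrypt. Please confirm that the encrypt path really reaches the affected buffer-size computation and is not an over-approximation in the call graph, because these entries will flag programs that only encrypt. If the path is real, a sentence in the description saying so would explain the entries to readers of the report.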
diff --git a/data/reports/GO-2020-0019.yaml b/data/reports/GO-2020-0019.yaml
index 6f22f8b..449f084 100644
--- a/data/reports/GO-2020-0019.yaml
+++ b/data/reports/GO-2020-0019.yaml
@@ -35,6 +35,7 @@
- messageWriter.ReadFrom
- messageWriter.Write
- messageWriter.WriteString
+ - netDialerFunc.Dial
- proxy_direct.Dial
- proxy_envOnce.Get
- proxy_socks5.Dial
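Review bot: The list key above "- netDialerFunc.Dial" falls outside this hunk, so it cannot be seen here whether the entry lands under symbols or derived_symbols. In the GO-2020-0009 and GO-2022-1083 reports of this same change the tool output goes under derived_symbols. Please check that this generated entry is not being added to the hand-maintained symbols list, where a later run of the fix command could not distinguish it from a curated entry.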
diff --git a/data/reports/GO-2022-1083.yaml b/data/reports/GO-2022-1083.yaml
index 790fb3c..39f0807 100644
--- a/data/reports/GO-2022-1083.yaml
+++ b/data/reports/GO-2022-1083.yaml
@@ -5,6 +5,12 @@
- package: github.com/free5gc/aper
symbols:
- GetBitString
+ derived_symbols:
+ - GetBitsValue
+ - Marshal
+ - MarshalWithParams
+ - Unmarshal
+ - UnmarshalWithParams
description: |
A malformed message can crash the free5gc/amf and free5gc/ngap decoders via
an index-out-of-range panic in `aper.GetBitString`.
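Review bot: Marshal and MarshalWithParams in the new derived_symbols are encoding entry points, but the description attributes the crash to decoders handling a malformed message in aper.GetBitString. Please verify that the marshal path actually calls into GetBitString (or GetBitsValue) before listing it, since encode-only users of github.com/free5gc/aper would otherwise be reported as affected. The commit message also does not say what prompted the re-run or which tool version produced this list, which would help when the derived set changes again.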