x/vulndb: delete GO-2021-0225, which is a duplicate of GO-2021-0142
For golang/vulndb#225
For golang/vulndb#142
Change-Id: I3c887772f06fa13f08c8a22a3a221b2535d03d3c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/421415
Reviewed-by: Julie Qiu <julieqiu@google.com>
diff --git a/reports/GO-2021-0225.yaml b/reports/GO-2021-0225.yaml
deleted file mode 100644
index b97ffb1..0000000
--- a/reports/GO-2021-0225.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-packages:
- - module: std
- package: encoding/binary
- symbols:
- - ReadUvarint
- versions:
- - fixed: 1.13.15
- - introduced: 1.14.0
- fixed: 1.14.7
-description: |
- Certain invalid inputs to ReadUvarint or ReadVarint could cause those
- functions to read an unlimited number of bytes from the ByteReader argument
- before returning an error. This could lead to processing more input than
- expected when the caller is reading directly from a network and depends on
- ReadUvarint and ReadVarint only consuming a small, bounded number of bytes,
- even from invalid inputs.
-
- With the update, ReadUvarint and ReadVarint now always return after consuming
- a bounded number of bytes (specifically, MaxVarintLen64, which is 10). The
- result being returned has not changed; the functions merely detect and return
- some errors without reading as much input.
-published: 2022-01-13T03:44:52Z
-cves:
- - CVE-2020-16845
-ghsas:
- - GHSA-q6gq-997w-f55g
-credit: Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon
-links:
- pr: https://go.dev/cl/247120
- commit: https://go.googlesource.com/go/+/027d7241ce050d197e7fabea3d541ffbe3487258
- context:
- - https://go.dev/issue/40618
- - https://groups.google.com/g/golang-announce/c/NyPIaucMgXo
