data/reports/GO-2022-0422.yaml - vulndb - Git at Google

 modules:
   - module: github.com/ipld/go-codec-dagpb
     versions:
       - fixed: 1.3.1
     vulnerable_at: 1.3.0
     packages:
       - package: github.com/ipld/go-codec-dagpb
         symbols:
           - DecodeBytes
         derived_symbols:
           - Decode
           - Decoder
           - Unmarshal
 description: The dag-pb codec can panic when decoding invalid blocks.
 published: 2022-07-01T20:08:04Z
 ghsas:
   - GHSA-g3vv-g2j5-45f2
   - GHSA-967g-cjx4-h7j6
 references:
   - fix: https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57
 cve_metadata:
     id: CVE-2022-2584
     cwe: 'CWE-119: Improper Restriction of Operations within the Bounds of a Memory
         Buffer'
	modules:
	- module: github.com/ipld/go-codec-dagpb
	versions:
	- fixed: 1.3.1
	vulnerable_at: 1.3.0
	packages:
	- package: github.com/ipld/go-codec-dagpb
	symbols:
	- DecodeBytes
	derived_symbols:
	- Decode
	- Decoder
	- Unmarshal
	description: The dag-pb codec can panic when decoding invalid blocks.
	published: 2022-07-01T20:08:04Z
	ghsas:
	- GHSA-g3vv-g2j5-45f2
	- GHSA-967g-cjx4-h7j6
	references:
	- fix: https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57
	cve_metadata:
	id: CVE-2022-2584
	cwe: 'CWE-119: Improper Restriction of Operations within the Bounds of a Memory
	Buffer'