| - module: github.com/ipfs/go-bitfield |
| - package: github.com/ipfs/go-bitfield |
| summary: 'TODO(https://go.dev/issue/56443): fill in summary field' |
| When untrusted user input is fed into the size parameter of the `NewBitfield` |
| and `FromBytes` functions, an attacker can trigger panics. |
| This happens when the size is not a multiple of 8 or is negative. |
| A workaround is to ensure `size%8 == 0 && size >= 0` yourself before calling |
| `NewBitfield` or `FromBytes`. |
| - advisory: https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r |
| - fix: https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579 |