| id: GO-2022-1083 |
| modules: |
| - module: github.com/free5gc/aper |
| vulnerable_at: 1.0.4 |
| packages: |
| - package: github.com/free5gc/aper |
| symbols: |
| - GetBitString |
| derived_symbols: |
| - GetBitsValue |
| - Marshal |
| - MarshalWithParams |
| - Unmarshal |
| - UnmarshalWithParams |
| summary: Panic on malformed messages in github.com/free5gc/aper |
| description: |- |
| A malformed message can crash the free5gc/amf and free5gc/ngap decoders via an |
| index-out-of-range panic in aper.GetBitString. |
| cves: |
| - CVE-2022-43677 |
| ghsas: |
| - GHSA-59hj-62f5-fgmc |
| credits: |
| - '@fisherwky' |
| references: |
| - report: https://github.com/free5gc/free5gc/issues/402 |
| review_status: REVIEWED |