data/reports: fix some report summaries to match style
Change-Id: I8fb5e80041ae95f2aec000f90a9a36b6b7bacbb5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/542359
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/data/osv/GO-2023-2024.json b/data/osv/GO-2023-2024.json
index a9fb203..869c90c 100644
--- a/data/osv/GO-2023-2024.json
+++ b/data/osv/GO-2023-2024.json
@@ -7,7 +7,7 @@
"CVE-2023-40583",
"GHSA-gcq9-qqwx-rgj3"
],
- "summary": "libp2p nodes vulnerable to OOM attack",
+ "summary": "Out-of-memory vulnerability in github.com/libp2p/go-libp2p",
"details": "A malicious actor can store an arbitrary amount of data in the memory of a remote node by sending the node a message with a signed peer record. Signed peer records from randomly generated peers can be sent by a malicious actor. This memory does not get garbage collected and so the remote node can run out of memory (OOM).",
"affected": [
{
diff --git a/data/osv/GO-2023-2153.json b/data/osv/GO-2023-2153.json
index 5666c70..c4f0c44 100644
--- a/data/osv/GO-2023-2153.json
+++ b/data/osv/GO-2023-2153.json
@@ -9,7 +9,7 @@
"related": [
"CVE-2023-44487"
],
- "summary": "denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc",
+ "summary": "Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc",
"details": "An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit, `grpc.MaxConcurrentStreams`. This results in a denial of service due to resource consumption.",
"affected": [
{
diff --git a/data/osv/GO-2023-2160.json b/data/osv/GO-2023-2160.json
index 3378019..fc64cbf 100644
--- a/data/osv/GO-2023-2160.json
+++ b/data/osv/GO-2023-2160.json
@@ -7,7 +7,7 @@
"CVE-2023-46239",
"GHSA-3q6m-v84f-6p9h"
],
- "summary": "panic during QUIC handshake in github.com/quic-go/quic-go",
+ "summary": "Panic during QUIC handshake in github.com/quic-go/quic-go",
"details": "The QUIC handshake can cause a panic when processing a certain sequence of frames. A malicious peer can deliberately trigger this panic.",
"affected": [
{
diff --git a/data/osv/GO-2023-2163.json b/data/osv/GO-2023-2163.json
index 4597e6f..6317eae 100644
--- a/data/osv/GO-2023-2163.json
+++ b/data/osv/GO-2023-2163.json
@@ -7,7 +7,7 @@
"CVE-2023-46129",
"GHSA-mr45-rx8q-wcm9"
],
- "summary": "curve KeyPairs fail to encrypt github.com/nats-io/nkeys",
+ "summary": "Curve KeyPairs fail to encrypt in github.com/nats-io/nkeys",
"details": "Curve KeyPairs always use the same (all-zeros) key to encrypt data, and provide no security.",
"affected": [
{
diff --git a/data/reports/GO-2023-2024.yaml b/data/reports/GO-2023-2024.yaml
index 0947b6c..2a57d6c 100644
--- a/data/reports/GO-2023-2024.yaml
+++ b/data/reports/GO-2023-2024.yaml
@@ -15,7 +15,7 @@
- idService.IdentifyConn
- idService.IdentifyWait
- netNotifiee.Connected
-summary: libp2p nodes vulnerable to OOM attack
+summary: Out-of-memory vulnerability in github.com/libp2p/go-libp2p
description: |-
A malicious actor can store an arbitrary amount of data in the memory of a
remote node by sending the node a message with a signed peer record. Signed peer
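Review bot: On the `+summary:` line, "Out-of-memory vulnerability" does not name the trigger, and the word "vulnerability" adds nothing inside a vulnerability report, while the other summaries in this change state the effect and its cause ("Denial of service from HTTP/2 Rapid Reset in ...", "Panic during QUIC handshake in ..."). The description just below gives the cause, a message carrying a signed peer record, so consider something like `summary: Memory exhaustion from signed peer records in github.com/libp2p/go-libp2p`, with the identical string in data/osv/GO-2023-2024.json.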
diff --git a/data/reports/GO-2023-2153.yaml b/data/reports/GO-2023-2153.yaml
index ca93368..b823893 100644
--- a/data/reports/GO-2023-2153.yaml
+++ b/data/reports/GO-2023-2153.yaml
@@ -18,7 +18,7 @@
derived_symbols:
- NewServer
- Server.Serve
-summary: denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc
+summary: Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc
description: |-
An attacker can send HTTP/2 requests, cancel them, and send subsequent requests.
This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to
diff --git a/data/reports/GO-2023-2160.yaml b/data/reports/GO-2023-2160.yaml
index d2eb5c0..79c9958 100644
--- a/data/reports/GO-2023-2160.yaml
+++ b/data/reports/GO-2023-2160.yaml
@@ -7,7 +7,7 @@
vulnerable_at: 0.37.2
packages:
- package: github.com/quic-go/quic-go
-summary: panic during QUIC handshake in github.com/quic-go/quic-go
+summary: Panic during QUIC handshake in github.com/quic-go/quic-go
description: |-
The QUIC handshake can cause a panic when processing a certain sequence of
frames. A malicious peer can deliberately trigger this panic.
diff --git a/data/reports/GO-2023-2163.yaml b/data/reports/GO-2023-2163.yaml
index d70c1a0..0a7fadf 100644
--- a/data/reports/GO-2023-2163.yaml
+++ b/data/reports/GO-2023-2163.yaml
@@ -13,7 +13,7 @@
- ckp.Open
- ckp.Seal
- ckp.SealWithRand
-summary: curve KeyPairs fail to encrypt github.com/nats-io/nkeys
+summary: Curve KeyPairs fail to encrypt in github.com/nats-io/nkeys
description: |-
Curve KeyPairs always use the same (all-zeros) key to encrypt data,
and provide no security.
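Review bot: On the `+summary:` line, "fail to encrypt" does not match the description two lines below, which says the data is encrypted but always with the same all-zeros key; a reader could take the summary to mean that `ckp.Seal` returns an error or emits plaintext. Consider `summary: Curve KeyPairs encrypt with an all-zeros key in github.com/nats-io/nkeys`, and use the identical string in data/osv/GO-2023-2163.json.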