blob: a9fe2ffe29c06d84e75430ac714d55b7cf9d389b [file] [log] [blame]
id: GO-2021-0053
modules:
- module: github.com/gogo/protobuf
versions:
- fixed: 1.3.2
vulnerable_at: 1.3.1
packages:
- package: github.com/gogo/protobuf/plugin/unmarshal
symbols:
- unmarshal.field
- unmarshal.Generate
summary: Panic due to improper input validation in github.com/gogo/protobuf
description: |-
Due to improper bounds checking, maliciously crafted input to generated
Unmarshal methods can cause an out-of-bounds panic. If parsing messages from
untrusted parties, this may be used as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2021-3121
ghsas:
- GHSA-c3h9-896r-86jm
references:
- fix: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
review_status: REVIEWED