| id: GO-2021-0079 |
| modules: |
| - module: github.com/bytom/bytom |
| versions: |
| - fixed: 1.0.4-0.20180831054840-1ac3c8ac4f2b |
| vulnerable_at: 1.0.4-0.20180831031436-69b3d4c7cf41 |
| packages: |
| - package: github.com/bytom/bytom/p2p/discover |
| symbols: |
| - Network.checkTopicRegister |
| skip_fix: 'TODO: Revisit this reason. (Fix causes error containing cannot find module providing package github.com/bytom/common)' |
| summary: Panic in github.com/bytom/bytom |
| description: |- |
| A malformed query can cause an out-of-bounds panic due to improper validation of |
| arguments. If processing queries from untrusted parties, this may be used as a |
| vector for denial of service attacks. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2018-18206 |
| ghsas: |
| - GHSA-vc3x-gx6c-g99f |
| credits: |
| - '@yahtoo' |
| references: |
| - fix: https://github.com/Bytom/bytom/pull/1307 |
| - fix: https://github.com/Bytom/bytom/commit/1ac3c8ac4f2b1e1df9675228290bda6b9586ba42 |
| review_status: REVIEWED |