data/reports/GO-2022-0253.yaml - vulndb - Git at Google

 id: GO-2022-0253
 modules:
     - module: github.com/cloudflare/cfrpki
       versions:
         - fixed: 1.4.0
       vulnerable_at: 1.3.0
       packages:
         - package: github.com/cloudflare/cfrpki/sync/lib
           symbols:
             - HTTPFetcher.GetXML
 summary: Resource exhaustion via GZIP bomb in github.com/cloudflare/cfrpki
 description: |-
     The HTTPFetcher.GetXML function reads a response of unlimited size into memory,
     permitting resource exhaustion.
 published: 2022-07-15T23:07:48Z
 cves:
     - CVE-2021-3912
 ghsas:
     - GHSA-g9wh-3vrx-r7hg
 credits:
     - Koen van Hove
 references:
     - fix: https://github.com/cloudflare/cfrpki/commit/648658b1b176a747b52645989cfddc73a81eacad
 review_status: REVIEWED
	id: GO-2022-0253
	modules:
	- module: github.com/cloudflare/cfrpki
	versions:
	- fixed: 1.4.0
	vulnerable_at: 1.3.0
	packages:
	- package: github.com/cloudflare/cfrpki/sync/lib
	symbols:
	- HTTPFetcher.GetXML
	summary: Resource exhaustion via GZIP bomb in github.com/cloudflare/cfrpki
	description: \|-
	The HTTPFetcher.GetXML function reads a response of unlimited size into memory,
	permitting resource exhaustion.
	published: 2022-07-15T23:07:48Z
	cves:
	- CVE-2021-3912
	ghsas:
	- GHSA-g9wh-3vrx-r7hg
	credits:
	- Koen van Hove
	references:
	- fix: https://github.com/cloudflare/cfrpki/commit/648658b1b176a747b52645989cfddc73a81eacad
	review_status: REVIEWED