x/vulndb: add reports/GO-2022-0422.yaml for GHSA-g3vv-g2j5-45f2 Fixes golang/vulndb#0422 Change-Id: Ie17915f4b8c3146980febc392932bb16a0567e84 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414814 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org>

commit: 9e02de05cb6e73975a18c05c1b85502b1fe59284 [log] [tgz]
author: Damien Neil <dneil@google.com> Tue Jun 28 09:48:31 2022 -0700
committer: Damien Neil <dneil@google.com> Fri Jul 01 20:08:04 2022 +0000
tree: 1b180126d5541b32fd190aa7a8b623e1110c3bf9
parent: b590b023c58822d349c56ea9e1d97b662256ca8f [diff]
diff --git a/reports/GO-2022-0422.yaml b/reports/GO-2022-0422.yaml
new file mode 100644
index 0000000..66beefd
--- /dev/null
+++ b/reports/GO-2022-0422.yaml

@@ -0,0 +1,16 @@
+packages:
+  - module: github.com/ipld/go-codec-dagpb
+    symbols:
+      - DecodeBytes
+    derived_symbols:
+      - Decode
+      - Decoder
+      - Unmarshal
+    versions:
+      - fixed: 1.3.1
+    vulnerable_at: 1.3.0
+description: The dag-pb codec can panic when decoding invalid blocks.
+ghsas:
+  - GHSA-g3vv-g2j5-45f2
+links:
+    commit: https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57
commit	9e02de05cb6e73975a18c05c1b85502b1fe59284	[log] [tgz]
author	Damien Neil <dneil@google.com>	Tue Jun 28 09:48:31 2022 -0700
committer	Damien Neil <dneil@google.com>	Fri Jul 01 20:08:04 2022 +0000
tree	1b180126d5541b32fd190aa7a8b623e1110c3bf9
parent	b590b023c58822d349c56ea9e1d97b662256ca8f [diff]