x/vulndb: add reports/GO-2022-0422.yaml for GHSA-g3vv-g2j5-45f2
Fixes golang/vulndb#0422
Change-Id: Ie17915f4b8c3146980febc392932bb16a0567e84
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414814
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/reports/GO-2022-0422.yaml b/reports/GO-2022-0422.yaml
new file mode 100644
index 0000000..66beefd
--- /dev/null
+++ b/reports/GO-2022-0422.yaml
@@ -0,0 +1,16 @@
+packages:
+ - module: github.com/ipld/go-codec-dagpb
+ symbols:
+ - DecodeBytes
+ derived_symbols:
+ - Decode
+ - Decoder
+ - Unmarshal
+ versions:
+ - fixed: 1.3.1
+ vulnerable_at: 1.3.0
+description: The dag-pb codec can panic when decoding invalid blocks.
+ghsas:
+ - GHSA-g3vv-g2j5-45f2
+links:
+ commit: https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57