blob: 4d0ae64eb4ba2aef3f81aae413190ec342c3641e [file] [log] [blame]
packages:
- module: github.com/buger/jsonparser
symbols:
- searchKeys
derived_symbols:
- ArrayEach
- Delete
- EachKey
- FuzzDelete
- FuzzEachKey
- FuzzGetBoolean
- FuzzGetFloat
- FuzzGetInt
- FuzzGetString
- FuzzGetUnsafeString
- FuzzObjectEach
- FuzzSet
- Get
- GetBoolean
- GetFloat
- GetInt
- GetString
- GetUnsafeString
- ObjectEach
- Set
versions:
- fixed: 1.1.1
description: |
Due to improper bounds checking, maliciously crafted JSON objects
can cause an out-of-bounds panic. If parsing user input, this may
be used as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-35381
credit: '@toptotu'
links:
pr: https://github.com/buger/jsonparser/pull/221
commit: https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
context:
- https://github.com/buger/jsonparser/issues/219