reports/GO-2021-0057.yaml - vulndb - Git at Google

 packages:
   - module: github.com/buger/jsonparser
     symbols:
       - searchKeys
     derived_symbols:
       - ArrayEach
       - Delete
       - EachKey
       - FuzzDelete
       - FuzzEachKey
       - FuzzGetBoolean
       - FuzzGetFloat
       - FuzzGetInt
       - FuzzGetString
       - FuzzGetUnsafeString
       - FuzzObjectEach
       - FuzzSet
       - Get
       - GetBoolean
       - GetFloat
       - GetInt
       - GetString
       - GetUnsafeString
       - ObjectEach
       - Set
     versions:
       - fixed: 1.1.1
 description: |
     Due to improper bounds checking, maliciously crafted JSON objects
     can cause an out-of-bounds panic. If parsing user input, this may
     be used as a denial of service vector.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2020-35381
 credit: '@toptotu'
 links:
     pr: https://github.com/buger/jsonparser/pull/221
     commit: https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
     context:
       - https://github.com/buger/jsonparser/issues/219
	packages:
	- module: github.com/buger/jsonparser
	symbols:
	- searchKeys
	derived_symbols:
	- ArrayEach
	- Delete
	- EachKey
	- FuzzDelete
	- FuzzEachKey
	- FuzzGetBoolean
	- FuzzGetFloat
	- FuzzGetInt
	- FuzzGetString
	- FuzzGetUnsafeString
	- FuzzObjectEach
	- FuzzSet
	- Get
	- GetBoolean
	- GetFloat
	- GetInt
	- GetString
	- GetUnsafeString
	- ObjectEach
	- Set
	versions:
	- fixed: 1.1.1
	description: \|
	Due to improper bounds checking, maliciously crafted JSON objects
	can cause an out-of-bounds panic. If parsing user input, this may
	be used as a denial of service vector.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2020-35381
	credit: '@toptotu'
	links:
	pr: https://github.com/buger/jsonparser/pull/221
	commit: https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
	context:
	- https://github.com/buger/jsonparser/issues/219