| packages: |
| - module: github.com/holiman/uint256 |
| symbols: |
| - udivrem |
| derived_symbols: |
| - Int.AddMod |
| - Int.Div |
| - Int.Mod |
| - Int.MulMod |
| - Int.SDiv |
| - Int.SMod |
| versions: |
| - introduced: 0.1.0 |
| - fixed: 1.1.1 |
| description: | |
| Due to improper bounds checking, certain mathmatical operations can cause a panic via an |
| out of bounds read. If this package is used to process untrusted user inputs, this may be used |
| as a vector for a denial of service attack. |
| published: 2021-07-28T18:08:05Z |
| cves: |
| - CVE-2020-26242 |
| ghsas: |
| - GHSA-jm5c-rv3w-w83m |
| credit: Dima Stebaev |
| links: |
| pr: https://github.com/holiman/uint256/pull/80 |
| commit: https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d |
| context: |
| - https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m |