blob: e18889d26ada72fbc22dbc245cdc9a9c683433d9 [file] [log] [blame]
packages:
- module: github.com/holiman/uint256
symbols:
- udivrem
derived_symbols:
- Int.AddMod
- Int.Div
- Int.Mod
- Int.MulMod
- Int.SDiv
- Int.SMod
versions:
- introduced: 0.1.0
- fixed: 1.1.1
description: |
Due to improper bounds checking, certain mathmatical operations can cause a panic via an
out of bounds read. If this package is used to process untrusted user inputs, this may be used
as a vector for a denial of service attack.
published: 2021-07-28T18:08:05Z
cves:
- CVE-2020-26242
ghsas:
- GHSA-jm5c-rv3w-w83m
credit: Dima Stebaev
links:
pr: https://github.com/holiman/uint256/pull/80
commit: https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d
context:
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m