blob: 62308ae67d0d2ea8162ab86ab086dac82daed097 [file] [log] [blame]
packages:
- module: github.com/ulikunitz/xz
symbols:
- readUvarint
derived_symbols:
- Reader.Read
- blockHeader.UnmarshalBinary
- streamReader.Read
versions:
- fixed: 0.5.8
description: |
An attacker can construct a series of bytes such that calling
Reader.Read on the bytes could cause an infinite loop. If
parsing user supplied input, this may be used as a denial of
service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2021-29482
ghsas:
- GHSA-25xm-hr59-7c27
credit: '@0xdecaf'
links:
commit: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
context:
- https://github.com/ulikunitz/xz/issues/35
- https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27