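# Go vulnerability report GO-2022-0503 (alias GHSA-9x4h-8wgm-8xfg).
# Stated impact is availability only: decoding malformed CAR data can panic
# or use excessive memory. Code that decodes CAR input from sources it does
# not control is the part to prioritise when upgrading.
id: GO-2022-0503
# The unversioned path and the /v2 path are separate Go modules, so each
# entry carries its own affected range and its own fixed release.
modules:
  - module: github.com/ipld/go-car
    versions:
      # No 'introduced' bound is given for this module; only the fixed
      # release is recorded.
      - fixed: 0.4.0
    # A release inside the affected range.
    vulnerable_at: 0.3.3
    # Only packages are named, no individual symbols.
    # NOTE(review): scanners presumably match at package granularity here,
    # so an import of any listed package is flagged - confirm with the tool.
    packages:
      - package: github.com/ipld/go-car
      - package: github.com/ipld/go-car/util
  - module: github.com/ipld/go-car/v2
    versions:
      - introduced: 2.0.0
      - fixed: 2.4.0
    # A release inside the affected range.
    vulnerable_at: 2.3.0
    packages:
      - package: github.com/ipld/go-car/v2
      - package: github.com/ipld/go-car/v2/blockstore
      - package: github.com/ipld/go-car/v2/index
summary: Denial of service via malformed CAR data in github.com/ipld/go-car and go-car/v2
description: Decoding malformed CAR data can cause panics or excessive memory usage.
published: 2022-07-30T03:50:50Z
ghsas:
  - GHSA-9x4h-8wgm-8xfg
references:
  - advisory: https://github.com/advisories/GHSA-9x4h-8wgm-8xfg
review_status: REVIEWED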