blob: 2990d2489ce5e9adf534333497ae6db8917afee1 [file] [log] [blame]
id: GO-2022-0244
modules:
- module: github.com/satori/go.uuid
versions:
- introduced: 1.2.1-0.20180103161547-0ef6afb2f6cd
- fixed: 1.2.1-0.20180404165556-75cca531ea76
vulnerable_at: 1.2.1-0.20180103161547-0ef6afb2f6cd
packages:
- package: github.com/satori/go.uuid
symbols:
- rfc4122Generator.NewV4
- rfc4122Generator.getClockSequence
- rfc4122Generator.getHardwareAddr
derived_symbols:
- NewV1
- NewV2
- NewV4
- rfc4122Generator.NewV1
- rfc4122Generator.NewV2
summary: Insufficient randomness in UUIDs in github.com/satori/go.uuid
description: |-
Random data used to create UUIDs can contain zeros, resulting in predictable
UUIDs and possible collisions.
published: 2022-07-15T23:06:26Z
cves:
- CVE-2021-3538
ghsas:
- GHSA-33m6-q9v5-62r7
credits:
- '@josselin-c'
references:
- fix: https://github.com/satori/go.uuid/pull/75
- fix: https://github.com/satori/go.uuid/commit/75cca531ea763666bc46e531da3b4c3b95f64557
- report: https://github.com/satori/go.uuid/issues/73
review_status: REVIEWED