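# Go vulnerability report GO-2022-0422: decoding an invalid dag-pb block can
# panic. A panic that is not recovered ends the Go process, so the practical
# exposure is loss of availability for any service that decodes blocks it did
# not produce itself.
#
# Nesting is restored here. With every key at column 0 the module fields
# (versions, vulnerable_at, packages, ...) parse as top-level keys and
# cve_metadata's `id` collides with the report `id` as a duplicate key.
id: GO-2022-0422
modules:
  - module: github.com/ipld/go-codec-dagpb
    versions:
      # Only a fixed bound is recorded (no "introduced"), so every release
      # before 1.3.1 is treated as affected. Remediation: 1.3.1 or later.
      - fixed: 1.3.1
    # A release known to be affected; vulndb tooling uses it when deriving
    # the symbol list below.
    vulnerable_at: 1.3.0
    packages:
      - package: github.com/ipld/go-codec-dagpb
        # Function that carries the defect.
        symbols:
          - DecodeBytes
        # Exported symbols that reach DecodeBytes. A call to any of these on
        # data from an untrusted peer is in scope when triaging a finding.
        derived_symbols:
          - Decode
          - Decoder
          - Unmarshal
summary: Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb
description: The dag-pb codec can panic when decoding invalid blocks.
published: 2022-07-01T20:08:04Z
# Two advisory IDs point at this one report; correlate scanner output on the
# GO id so the same issue is not counted twice.
ghsas:
  - GHSA-967g-cjx4-h7j6
  - GHSA-g3vv-g2j5-45f2
references:
  - fix: https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57
cve_metadata:
  id: CVE-2022-2584
  # CWE as recorded for the CVE. The report itself describes the effect as a
  # panic on invalid input, not as memory corruption.
  cwe: 'CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer'
review_status: REVIEWED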