id: GO-2022-1083
modules:
    - module: github.com/free5gc/aper
      vulnerable_at: 1.0.4
      packages:
        - package: github.com/free5gc/aper
          symbols:
            - GetBitString
          derived_symbols:
            - GetBitsValue
            - Marshal
            - MarshalWithParams
            - Unmarshal
            - UnmarshalWithParams
summary: Panic on malformed messages in github.com/free5gc/aper
description: |-
    A malformed message can crash the free5gc/amf and free5gc/ngap decoders via an
    index-out-of-range panic in aper.GetBitString.
cves:
    - CVE-2022-43677
ghsas:
    - GHSA-59hj-62f5-fgmc
credits:
    - '@fisherwky'
references:
    - report: https://github.com/free5gc/free5gc/issues/402
review_status: REVIEWED