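# Go vulnerability report GO-2023-1930
# (aliases: CVE-2023-37475, GHSA-9x44-9pgq-cf45).
#
# Issue, per the summary below: unrestricted memory consumption in the
# hamba/avro decoder. Every listed symbol sits on the read/decode path, so
# the exposure is presumably code that decodes Avro data it does not
# control -- confirm the exact trigger against the linked advisory.
#
# The nesting under `modules` is restored here. With every key at column 0,
# `vulnerable_at`, `packages`, `symbols` and `derived_symbols` would repeat
# as duplicate top-level keys, and most parsers silently keep only the last.
id: GO-2023-1930
modules:
  # v2 module path: the only entry in this report with a fixed release.
  # Remediation is an upgrade to 2.13.0 or later.
  - module: github.com/hamba/avro/v2
    versions:
      - fixed: '2.13.0'
    # Version recorded as known-vulnerable for this module.
    vulnerable_at: '2.12.0'
    packages:
      - package: github.com/hamba/avro/v2
        # Function that contains the flaw. Call-graph scanners such as
        # govulncheck use these names to decide whether a build is affected.
        symbols:
          - Reader.readBytes
        # Callers that reach the symbol above. Useful when triaging which
        # entry points in your own code lead into the vulnerable read path.
        derived_symbols:
          - Decoder.Decode
          - Reader.ReadArrayCB
          - Reader.ReadBytes
          - Reader.ReadMapCB
          - Reader.ReadNext
          - Reader.ReadString
          - Reader.ReadVal
          - Unmarshal
          - arrayDecoder.Decode
          - bytesCodec.Decode
          - bytesDecimalCodec.Decode
          - bytesDecimalPtrCodec.Decode
          - dereferenceDecoder.Decode
          - efaceDecoder.Decode
          - frozenConfig.Unmarshal
          - mapDecoder.Decode
          - mapSkipDecoder.Decode
          - mapUnionDecoder.Decode
          - recordIfaceDecoder.Decode
          - recordMapDecoder.Decode
          - recordSkipDecoder.Decode
          - referenceDecoder.Decode
          - sliceSkipDecoder.Decode
          - stringCodec.Decode
          - structDecoder.Decode
          - textMarshalerCodec.Decode
          - unionPtrDecoder.Decode
          - unionResolvedDecoder.Decode
          - unionSkipDecoder.Decode
  # v1 module path: this report lists no `versions`/`fixed` entry for it,
  # so no patched v1 release is recorded here. Users of this import path
  # presumably need to migrate to the v2 module at 2.13.0 or later --
  # verify against the advisory before planning the upgrade.
  - module: github.com/hamba/avro
    vulnerable_at: '1.8.0'
    packages:
      - package: github.com/hamba/avro
        symbols:
          - Reader.ReadBytes
          - Reader.ReadString
        derived_symbols:
          - Decoder.Decode
          - Reader.ReadArrayCB
          - Reader.ReadMapCB
          - Reader.ReadNext
          - Reader.ReadVal
          - Unmarshal
          - arrayDecoder.Decode
          - bytesCodec.Decode
          - bytesDecimalCodec.Decode
          - bytesDecimalPtrCodec.Decode
          - dereferenceDecoder.Decode
          - efaceDecoder.Decode
          - frozenConfig.Unmarshal
          - mapDecoder.Decode
          - mapSkipDecoder.Decode
          - mapUnionDecoder.Decode
          - recordIfaceDecoder.Decode
          - recordMapDecoder.Decode
          - recordSkipDecoder.Decode
          - referenceDecoder.Decode
          - sliceSkipDecoder.Decode
          - stringCodec.Decode
          - structDecoder.Decode
          - textMarshalerCodec.Decode
          - unionPtrDecoder.Decode
          - unionResolvedDecoder.Decode
          - unionSkipDecoder.Decode
summary: Unrestricted memory consumption in github.com/hamba/avro
# Cross-references for matching this report against other advisory feeds.
cves:
  - CVE-2023-37475
ghsas:
  - GHSA-9x44-9pgq-cf45
references:
  # Upstream advisory: authoritative description of impact and remediation.
  - advisory: https://github.com/hamba/avro/security/advisories/GHSA-9x44-9pgq-cf45
  # Pull request carrying the fix; review it to see what was changed.
  - fix: https://github.com/hamba/avro/pull/273
review_status: REVIEWED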