commit c963ad7d709398250507c72f171c7207558e9af6
author Tatiana Bradley <tatianabradley@google.com> Tue Jan 10 16:34:49 2023 -0500
committer Tatiana Bradley <tatiana@golang.org> Tue Jan 10 21:44:59 2023 +0000
tree fa25e3f634b7488d54cb5ace50e1f561c633e9dd
parent 081f562a04ab0aba3f6aebc03016110c8555c41a

data/reports: add alias for GO-2020-0022.yaml

Aliases: CVE-2014-125026, GHSA-4wp2-8rm2-jgmh

Updates golang/vulndb#22
Fixes golang/vulndb#1459

Change-Id: If2e3802e98fe75c0be8b9869fb1656473a7a349d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461436
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>

data/osv/GO-2020-0022.json

diff --git a/data/osv/GO-2020-0022.json b/data/osv/GO-2020-0022.json
index 557b711..50a61f0 100644
--- a/data/osv/GO-2020-0022.json
+++ b/data/osv/GO-2020-0022.json
@@ -3,7 +3,8 @@
   "published": "2021-04-14T20:04:52Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2014-125026"
+    "CVE-2014-125026",
+    "GHSA-4wp2-8rm2-jgmh"
   ],
   "details": "LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.",
   "affected": [

data/reports/GO-2020-0022.yaml

diff --git a/data/reports/GO-2020-0022.yaml b/data/reports/GO-2020-0022.yaml
index c11f9ac..83037b8 100644
--- a/data/reports/GO-2020-0022.yaml
+++ b/data/reports/GO-2020-0022.yaml
@@ -11,6 +11,8 @@
     memory corruption, which could lead to arbitrary code execution
     if called with untrusted user input.
 published: 2021-04-14T20:04:52Z
+ghsas:
+  - GHSA-4wp2-8rm2-jgmh
 credit: Yann Collet
 references:
   - fix: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898