blob: 862468771bd3e561f968153045603aa68df57002 [file] [log] [blame]
id: GO-2021-0079
modules:
- module: github.com/bytom/bytom
versions:
- fixed: 1.0.4-0.20180831054840-1ac3c8ac4f2b
vulnerable_at: 1.0.4-0.20180831031436-69b3d4c7cf41
packages:
- package: github.com/bytom/bytom/p2p/discover
symbols:
- Network.checkTopicRegister
skip_fix: 'TODO: Revisit this reason. (Fix causes error containing cannot find module providing package github.com/bytom/common)'
summary: Panic in github.com/bytom/bytom
description: |-
A malformed query can cause an out-of-bounds panic due to improper validation of
arguments. If processing queries from untrusted parties, this may be used as a
vector for denial of service attacks.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2018-18206
ghsas:
- GHSA-vc3x-gx6c-g99f
credits:
- '@yahtoo'
references:
- fix: https://github.com/Bytom/bytom/pull/1307
- fix: https://github.com/Bytom/bytom/commit/1ac3c8ac4f2b1e1df9675228290bda6b9586ba42
review_status: REVIEWED