id: GO-2023-1557
modules:
    - module: github.com/ipfs/go-unixfs
      versions:
          - fixed: 0.4.3
      vulnerable_at: 0.4.2
      packages:
          - package: github.com/ipfs/go-unixfs/hamt
            symbols:
                - makeShard
                - newChilder
            derived_symbols:
                - NewHamtFromDag
                - NewShard
                - NewShardValue
                - Shard.EnumLinks
                - Shard.EnumLinksAsync
                - Shard.Find
                - Shard.ForEachLink
                - Shard.Remove
                - Shard.Set
                - Shard.SetLink
                - Shard.Swap
                - Shard.Take
summary: Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfs
description: |-
    Trying to read malformed HAMT sharded directories can cause panics and virtual
    memory leaks. If you are reading untrusted user input, an attacker can then
    trigger a panic.

    This is caused by a bogus "fanout" parameter in the HAMT directory nodes. A
    workaround is to not feed untrusted user data to the decoding functions.
cves:
    - CVE-2023-23625
ghsas:
    - GHSA-q264-w97q-q778
credits:
    - Jorropo
references:
    - advisory: https://github.com/advisories/GHSA-q264-w97q-q778
    - fix: https://github.com/ipfs/go-unixfs/commit/467d139a640ecee4f2e74643dafcc58bb3b54175
review_status: REVIEWED