reports/GO-2020-0018.yaml - vulndb - Git at Google

 packages:
   - module: github.com/satori/go.uuid
     symbols:
       - NewV4
       - rfc4122Generator.getClockSequence
       - rfc4122Generator.getHardwareAddr
     derived_symbols:
       - NewV1
       - NewV2
       - init
       - safeRandom
     versions:
       - fixed: 1.2.1-0.20181016170032-d91630c85102
 description: |
     UUIDs generated using NewV1 and NewV4 may not read the expected
     number of random bytes. These UUIDs may contain a significantly smaller
     amount of entropy than expected, possibly leading to collisions.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2021-3538
 credit: '@josselin-c'
 links:
     pr: https://github.com/satori/go.uuid/pull/75
     commit: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
     context:
       - https://github.com/satori/go.uuid/issues/73
	packages:
	- module: github.com/satori/go.uuid
	symbols:
	- NewV4
	- rfc4122Generator.getClockSequence
	- rfc4122Generator.getHardwareAddr
	derived_symbols:
	- NewV1
	- NewV2
	- init
	- safeRandom
	versions:
	- fixed: 1.2.1-0.20181016170032-d91630c85102
	description: \|
	UUIDs generated using NewV1 and NewV4 may not read the expected
	number of random bytes. These UUIDs may contain a significantly smaller
	amount of entropy than expected, possibly leading to collisions.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2021-3538
	credit: '@josselin-c'
	links:
	pr: https://github.com/satori/go.uuid/pull/75
	commit: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
	context:
	- https://github.com/satori/go.uuid/issues/73