data/reports/GO-2021-0103.yaml - vulndb - Git at Google

 id: GO-2021-0103
 modules:
     - module: github.com/holiman/uint256
       versions:
         - introduced: 0.1.0
           fixed: 1.1.1
       vulnerable_at: 1.1.0
       packages:
         - package: github.com/holiman/uint256
           symbols:
             - udivrem
           derived_symbols:
             - Int.AddMod
             - Int.Div
             - Int.Mod
             - Int.MulMod
             - Int.SDiv
             - Int.SMod
 summary: Denial of service in github.com/holiman/uint256
 description: |-
     Due to improper bounds checking, certain mathematical operations can cause a
     panic via an out of bounds read. If this package is used to process untrusted
     user inputs, this may be used as a vector for a denial of service attack.
 published: 2021-07-28T18:08:05Z
 cves:
     - CVE-2020-26242
 ghsas:
     - GHSA-jm5c-rv3w-w83m
 credits:
     - Dima Stebaev
 references:
     - fix: https://github.com/holiman/uint256/pull/80
     - fix: https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d
	id: GO-2021-0103
	modules:
	- module: github.com/holiman/uint256
	versions:
	- introduced: 0.1.0
	fixed: 1.1.1
	vulnerable_at: 1.1.0
	packages:
	- package: github.com/holiman/uint256
	symbols:
	- udivrem
	derived_symbols:
	- Int.AddMod
	- Int.Div
	- Int.Mod
	- Int.MulMod
	- Int.SDiv
	- Int.SMod
	summary: Denial of service in github.com/holiman/uint256
	description: \|-
	Due to improper bounds checking, certain mathematical operations can cause a
	panic via an out of bounds read. If this package is used to process untrusted
	user inputs, this may be used as a vector for a denial of service attack.
	published: 2021-07-28T18:08:05Z
	cves:
	- CVE-2020-26242
	ghsas:
	- GHSA-jm5c-rv3w-w83m
	credits:
	- Dima Stebaev
	references:
	- fix: https://github.com/holiman/uint256/pull/80
	- fix: https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d