data/reports/GO-2022-0965.yaml - vulndb - Git at Google

 id: GO-2022-0965
 modules:
     - module: k8s.io/apimachinery
       versions:
         - fixed: 0.0.0-20190927203648-9ce6eca90e73
       vulnerable_at: 0.0.0-20190925125216-3ddb1b485b38
       packages:
         - package: k8s.io/apimachinery/pkg/runtime/serializer/json
           symbols:
             - customNumberDecoder.Decode
           derived_symbols:
             - Serializer.Decode
             - Serializer.Encode
         - package: k8s.io/apimachinery/pkg/util/json
           symbols:
             - Unmarshal
 summary: Unbounded recursion in JSON parsing in k8s.io/apimachinery
 description: |-
     Unbounded recursion in JSON parsing allows malicious JSON input to cause
     excessive memory consumption or panics.
 published: 2022-09-02T21:12:51Z
 ghsas:
     - GHSA-74fp-r6jw-h4mp
 references:
     - fix: https://github.com/kubernetes/kubernetes/pull/83261
     - web: https://github.com/advisories/GHSA-pmqp-h87c-mr78
     - web: https://nvd.nist.gov/vuln/detail/CVE-2019-11253
	id: GO-2022-0965
	modules:
	- module: k8s.io/apimachinery
	versions:
	- fixed: 0.0.0-20190927203648-9ce6eca90e73
	vulnerable_at: 0.0.0-20190925125216-3ddb1b485b38
	packages:
	- package: k8s.io/apimachinery/pkg/runtime/serializer/json
	symbols:
	- customNumberDecoder.Decode
	derived_symbols:
	- Serializer.Decode
	- Serializer.Encode
	- package: k8s.io/apimachinery/pkg/util/json
	symbols:
	- Unmarshal
	summary: Unbounded recursion in JSON parsing in k8s.io/apimachinery
	description: \|-
	Unbounded recursion in JSON parsing allows malicious JSON input to cause
	excessive memory consumption or panics.
	published: 2022-09-02T21:12:51Z
	ghsas:
	- GHSA-74fp-r6jw-h4mp
	references:
	- fix: https://github.com/kubernetes/kubernetes/pull/83261
	- web: https://github.com/advisories/GHSA-pmqp-h87c-mr78
	- web: https://nvd.nist.gov/vuln/detail/CVE-2019-11253