blob: 766b53e44b8dc46ff0219b9a3aeafb32d6a6db07 [file] [log] [blame]
packages:
- module: code.cloudfoundry.org/gorouter
package: code.cloudfoundry.org/gorouter/common/secure
symbols:
- AesGCM.Decrypt
versions:
- fixed: 0.0.0-20191101214924-b1b5c44e050f
- module: github.com/cloudfoundry/gorouter
package: github.com/cloudfoundry/gorouter/common/secure
symbols:
- AesGCM.Decrypt
versions:
- fixed: 0.0.0-20191101214924-b1b5c44e050f
description: |
Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect
nonce size. If this package is used to decrypt user supplied messages without checking the size of
supplied nonces, this may be used as a vector for a denial of service attack.
published: 2021-07-28T18:08:05Z
cves:
- CVE-2019-11289
ghsas:
- GHSA-5796-p3m6-9qj4
links:
commit: https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f
context:
- https://github.com/advisories/GHSA-5796-p3m6-9qj4
- https://www.cloudfoundry.org/blog/cve-2019-11289/