blob: fdaa45e6e8c12ba876114732ca15f676d7ba95b2 [file] [log] [blame]
module: github.com/ulikunitz/xz
versions:
- fixed: v0.5.8
description: |
An attacker can construct a series of bytes such that calling
Reader.Read on the bytes could cause an infinite loop. If
parsing user supplied input, this may be used as a denial of
service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2021-29482
ghsas:
- GHSA-25xm-hr59-7c27
credit: '@0xdecaf'
symbols:
- readUvarint
derived_symbols:
- Reader.Read
- blockHeader.UnmarshalBinary
- streamReader.Read
links:
commit: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
context:
- https://github.com/ulikunitz/xz/issues/35
- https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27