data/reports/GO-2022-1188.yaml - vulndb - Git at Google

 id: GO-2022-1188
 modules:
   - module: code.sajari.com/docconv
     versions:
       - fixed: 1.2.1
     vulnerable_at: 1.2.0
     packages:
       - package: code.sajari.com/docconv/docd
         symbols:
           - serve
         derived_symbols:
           - main
 summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     An attacker can remotely supply a specially crafted input that causes
     uncontrolled memory allocation.
 cves:
   - CVE-2022-4741
 ghsas:
   - GHSA-qvx2-59g8-8hph
 references:
   - fix: https://github.com/sajari/docconv/commit/42bcff666855ab978e67a9041d0cdea552f20301
	id: GO-2022-1188
	modules:
	- module: code.sajari.com/docconv
	versions:
	- fixed: 1.2.1
	vulnerable_at: 1.2.0
	packages:
	- package: code.sajari.com/docconv/docd
	symbols:
	- serve
	derived_symbols:
	- main
	summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
	description: \|
	An attacker can remotely supply a specially crafted input that causes
	uncontrolled memory allocation.
	cves:
	- CVE-2022-4741
	ghsas:
	- GHSA-qvx2-59g8-8hph
	references:
	- fix: https://github.com/sajari/docconv/commit/42bcff666855ab978e67a9041d0cdea552f20301