blob: 52414c45ae79d8a6f58164133282e1b778fb04c1 [file] [log] [blame]
id: GO-2021-0103
modules:
- module: github.com/holiman/uint256
versions:
- introduced: 0.1.0
fixed: 1.1.1
vulnerable_at: 1.1.0
packages:
- package: github.com/holiman/uint256
symbols:
- udivrem
derived_symbols:
- Int.AddMod
- Int.Div
- Int.Mod
- Int.MulMod
- Int.SDiv
- Int.SMod
summary: Denial of service in github.com/holiman/uint256
description: |-
Due to improper bounds checking, certain mathematical operations can cause a
panic via an out of bounds read. If this package is used to process untrusted
user inputs, this may be used as a vector for a denial of service attack.
published: 2021-07-28T18:08:05Z
cves:
- CVE-2020-26242
ghsas:
- GHSA-jm5c-rv3w-w83m
credits:
- Dima Stebaev
references:
- fix: https://github.com/holiman/uint256/pull/80
- fix: https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d