blob: bb4911c1aab9cece84e2c45e18d72fbd349bb3d3 [file] [log] [blame]
id: GO-2022-0253
modules:
- module: github.com/cloudflare/cfrpki
versions:
- fixed: 1.4.0
vulnerable_at: 1.3.0
packages:
- package: github.com/cloudflare/cfrpki/sync/lib
symbols:
- HTTPFetcher.GetXML
summary: Resource exhaustion via GZIP bomb in github.com/cloudflare/cfrpki
description: |-
The HTTPFetcher.GetXML function reads a response of unlimited size into memory,
permitting resource exhaustion.
published: 2022-07-15T23:07:48Z
cves:
- CVE-2021-3912
ghsas:
- GHSA-g9wh-3vrx-r7hg
credits:
- Koen van Hove
references:
- fix: https://github.com/cloudflare/cfrpki/commit/648658b1b176a747b52645989cfddc73a81eacad