data/reports/GO-2022-0503.yaml - vulndb - Git at Google

 id: GO-2022-0503
 modules:
     - module: github.com/ipld/go-car
       versions:
         - fixed: 0.4.0
       vulnerable_at: 0.3.3
       packages:
         - package: github.com/ipld/go-car
         - package: github.com/ipld/go-car/util
     - module: github.com/ipld/go-car/v2
       versions:
         - introduced: 2.0.0
           fixed: 2.4.0
       vulnerable_at: 2.3.0
       packages:
         - package: github.com/ipld/go-car/v2
         - package: github.com/ipld/go-car/v2/blockstore
         - package: github.com/ipld/go-car/v2/index
 summary: Denial of service via malformed CAR data in github.com/ipld/go-car and go-car/v2
 description: Decoding malformed CAR data can cause panics or excessive memory usage.
 published: 2022-07-30T03:50:50Z
 ghsas:
     - GHSA-9x4h-8wgm-8xfg
 references:
     - advisory: https://github.com/advisories/GHSA-9x4h-8wgm-8xfg
	id: GO-2022-0503
	modules:
	- module: github.com/ipld/go-car
	versions:
	- fixed: 0.4.0
	vulnerable_at: 0.3.3
	packages:
	- package: github.com/ipld/go-car
	- package: github.com/ipld/go-car/util
	- module: github.com/ipld/go-car/v2
	versions:
	- introduced: 2.0.0
	fixed: 2.4.0
	vulnerable_at: 2.3.0
	packages:
	- package: github.com/ipld/go-car/v2
	- package: github.com/ipld/go-car/v2/blockstore
	- package: github.com/ipld/go-car/v2/index
	summary: Denial of service via malformed CAR data in github.com/ipld/go-car and go-car/v2
	description: Decoding malformed CAR data can cause panics or excessive memory usage.
	published: 2022-07-30T03:50:50Z
	ghsas:
	- GHSA-9x4h-8wgm-8xfg
	references:
	- advisory: https://github.com/advisories/GHSA-9x4h-8wgm-8xfg