Google Git
Sign in
go / vulndb / 82175fd7a30858dc376cb5f6f15b062810844ff0 / . / data / reports / GO-2022-0253.yaml
blob: bb78176980a0a525be5a7b0cf65354512e259a10 [file] [log] [blame]
Tatiana Bradleyf1409b02023-05-24 14:02:12 -0400[diff] [blame]1id: GO-2022-0253
Damien Neilb5cb7652022-08-18 15:09:12 -0700[diff] [blame]2modules:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]3 - module: github.com/cloudflare/cfrpki
4 versions:
5 - fixed: 1.4.0
6 vulnerable_at: 1.3.0
7 packages:
8 - package: github.com/cloudflare/cfrpki/sync/lib
9 symbols:
10 - HTTPFetcher.GetXML
Tatiana Bradley7c92a882023-05-08 13:11:54 -0400[diff] [blame]11summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
Damien Neil29d4a652022-07-01 14:53:29 -0700[diff] [blame]12description: |
13 The HTTPFetcher.GetXML function reads a response of unlimited size into
14 memory, permitting resource exhausion.
Damien Neil95a417d2022-08-17 15:39:45 -0700[diff] [blame]15published: 2022-07-15T23:07:48Z
Damien Neil29d4a652022-07-01 14:53:29 -0700[diff] [blame]16cves:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]17 - CVE-2021-3912
Damien Neil29d4a652022-07-01 14:53:29 -0700[diff] [blame]18ghsas:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]19 - GHSA-g9wh-3vrx-r7hg
Tatiana Bradley09108142023-05-18 16:23:32 -0400[diff] [blame]20credits:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]21 - Koen van Hove
Damien Neil00e94d72022-08-26 14:59:35 -0700[diff] [blame]22references:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]23 - fix: https://github.com/cloudflare/cfrpki/commit/648658b1b176a747b52645989cfddc73a81eacad