id: GO-2023-1558
modules:
    - module: github.com/ipfs/go-bitfield
      versions:
          - fixed: 1.1.0
      vulnerable_at: 1.0.0
      packages:
          - package: github.com/ipfs/go-bitfield
            symbols:
                - NewBitfield
                - FromBytes
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
description: |
    When feeding untrusted user input into the size parameter of the `NewBitfield`
    and `FromBytes` functions, an attacker can trigger panics.

    This happens when the size is not a multiple of 8 or is negative.

    A workaround is to ensure `size%8 == 0 && size >= 0` yourself before calling
    `NewBitfield` or `FromBytes`.
cves:
    - CVE-2023-23626
ghsas:
    - GHSA-2h6c-j3gf-xp9r
credits:
    - Jorropo
references:
    - advisory: https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r
    - fix: https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579