Roland Shoemaker | eb069dd | 2021-07-15 13:05:23 -0700

module: code.cloudfoundry.org/gorouter
package: code.cloudfoundry.org/gorouter/common/secure
additional_packages:
  - module: github.com/cloudfoundry/gorouter
    package: github.com/cloudfoundry/gorouter/common/secure
    symbols:
      - AesGCM.Decrypt
    versions:
      - fixed: v0.0.0-20191101214924-b1b5c44e050f
versions:
  - fixed: v0.0.0-20191101214924-b1b5c44e050f
description: |
  Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect
  nonce size. If this package is used to decrypt user supplied messages without checking the size of
  supplied nonces, this may be used as a vector for a denial of service attack.
cve: CVE-2019-11289
symbols:
  - AesGCM.Decrypt
published: 2021-07-28T12:00:00Z
links:
  commit: https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f
  context:
    - https://github.com/advisories/GHSA-5796-p3m6-9qj4
    - https://www.cloudfoundry.org/blog/cve-2019-11289/