зеркало из https://github.com/golang/vulndb.git
45 строки
1.2 KiB
YAML
45 строки
1.2 KiB
YAML
modules:
|
|
- module: github.com/buger/jsonparser
|
|
versions:
|
|
- fixed: 1.1.1
|
|
vulnerable_at: 1.1.0
|
|
packages:
|
|
- package: github.com/buger/jsonparser
|
|
symbols:
|
|
- searchKeys
|
|
derived_symbols:
|
|
- ArrayEach
|
|
- Delete
|
|
- EachKey
|
|
- FuzzDelete
|
|
- FuzzEachKey
|
|
- FuzzGetBoolean
|
|
- FuzzGetFloat
|
|
- FuzzGetInt
|
|
- FuzzGetString
|
|
- FuzzGetUnsafeString
|
|
- FuzzObjectEach
|
|
- FuzzSet
|
|
- Get
|
|
- GetBoolean
|
|
- GetFloat
|
|
- GetInt
|
|
- GetString
|
|
- GetUnsafeString
|
|
- ObjectEach
|
|
- Set
|
|
description: |
|
|
Due to improper bounds checking, maliciously crafted JSON objects
|
|
can cause an out-of-bounds panic. If parsing user input, this may
|
|
be used as a denial of service vector.
|
|
published: 2021-04-14T20:04:52Z
|
|
cves:
|
|
- CVE-2020-35381
|
|
ghsas:
|
|
- GHSA-8vrw-m3j9-j27c
|
|
credit: '@toptotu'
|
|
references:
|
|
- fix: https://github.com/buger/jsonparser/pull/221
|
|
- fix: https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
|
|
- web: https://github.com/buger/jsonparser/issues/219
|