зеркало из https://github.com/golang/vulndb.git
25 строки
674 B
YAML
25 строки
674 B
YAML
id: GO-2022-0972
|
|
modules:
|
|
- module: github.com/shamaton/msgpack/v2
|
|
versions:
|
|
- fixed: 2.1.1
|
|
vulnerable_at: 2.1.0
|
|
packages:
|
|
- package: github.com/shamaton/msgpack/v2
|
|
symbols:
|
|
- Unmarshal
|
|
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
|
|
description: |
|
|
Unmarshal can panic on some inputs, possibly allowing for denial
|
|
of service attacks.
|
|
ghsas:
|
|
- GHSA-jr77-8gx4-h5qh
|
|
credits:
|
|
- Red Canary
|
|
references:
|
|
- report: https://github.com/shamaton/msgpack/issues/31
|
|
- fix: https://github.com/shamaton/msgpack/pull/32
|
|
cve_metadata:
|
|
id: CVE-2022-41719
|
|
cwe: 'CWE 400: Uncontrolled Resource Consumption'
|