github.com/google/osv-scalibr@v0.4.1/enricher/govulncheck/source/testdata/vulndb/GO-2021-0053.json (about) 1 { 2 "id": "GO-2021-0053", 3 "summary": "Panic due to improper input validation in github.com/gogo/protobuf", 4 "details": "Due to improper bounds checking, maliciously crafted input to generated Unmarshal methods can cause an out-of-bounds panic. If parsing messages from untrusted parties, this may be used as a denial of service vector.", 5 "aliases": [ 6 "BIT-consul-2021-3121", 7 "BIT-protobuf-2021-3121", 8 "CVE-2021-3121", 9 "GHSA-c3h9-896r-86jm" 10 ], 11 "modified": "2024-05-20T16:03:47Z", 12 "published": "2021-04-14T20:04:52Z", 13 "database_specific": { 14 "review_status": "REVIEWED", 15 "url": "https://pkg.go.dev/vuln/GO-2021-0053" 16 }, 17 "references": [ 18 { 19 "type": "FIX", 20 "url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc" 21 } 22 ], 23 "affected": [ 24 { 25 "package": { 26 "name": "github.com/gogo/protobuf", 27 "ecosystem": "Go", 28 "purl": "pkg:golang/github.com/gogo/protobuf" 29 }, 30 "ranges": [ 31 { 32 "type": "SEMVER", 33 "events": [ 34 { 35 "introduced": "0" 36 }, 37 { 38 "fixed": "1.3.2" 39 } 40 ] 41 } 42 ], 43 "ecosystem_specific": { 44 "imports": [ 45 { 46 "symbols": [ 47 "unmarshal.Generate", 48 "unmarshal.field" 49 ], 50 "path": "github.com/gogo/protobuf/plugin/unmarshal" 51 } 52 ] 53 }, 54 "database_specific": { 55 "source": "https://vuln.go.dev/ID/GO-2021-0053.json" 56 } 57 } 58 ], 59 "schema_version": "1.7.3" 60 }