github.com/google/osv-scalibr@v0.4.1/enricher/govulncheck/source/testdata/vulndb/GO-2023-1558.json (about) 1 { 2 "id": "GO-2023-1558", 3 "summary": "Denial of service via malformed size parameters in github.com/ipfs/go-bitfield", 4 "details": "When feeding untrusted user input into the size parameter of the NewBitfield and FromBytes functions, an attacker can trigger panics.\n\nThis happens when the size is not a multiple of 8 or is negative.\n\nA workaround is to ensure size%8 == 0 && size \u003E= 0 yourself before calling NewBitfield or FromBytes.", 5 "aliases": [ 6 "CVE-2023-23626", 7 "GHSA-2h6c-j3gf-xp9r" 8 ], 9 "modified": "2024-05-20T16:03:47Z", 10 "published": "2023-02-14T19:41:21Z", 11 "database_specific": { 12 "url": "https://pkg.go.dev/vuln/GO-2023-1558", 13 "review_status": "REVIEWED" 14 }, 15 "references": [ 16 { 17 "type": "ADVISORY", 18 "url": "https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r" 19 }, 20 { 21 "type": "FIX", 22 "url": "https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579" 23 } 24 ], 25 "affected": [ 26 { 27 "package": { 28 "name": "github.com/ipfs/go-bitfield", 29 "ecosystem": "Go", 30 "purl": "pkg:golang/github.com/ipfs/go-bitfield" 31 }, 32 "ranges": [ 33 { 34 "type": "SEMVER", 35 "events": [ 36 { 37 "introduced": "0" 38 }, 39 { 40 "fixed": "1.1.0" 41 } 42 ] 43 } 44 ], 45 "ecosystem_specific": { 46 "imports": [ 47 { 48 "symbols": [ 49 "FromBytes", 50 "NewBitfield" 51 ], 52 "path": "github.com/ipfs/go-bitfield" 53 } 54 ] 55 }, 56 "database_specific": { 57 "source": "https://vuln.go.dev/ID/GO-2023-1558.json" 58 } 59 } 60 ], 61 "schema_version": "1.7.3", 62 "credits": [ 63 { 64 "name": "Jorropo" 65 } 66 ] 67 }