GHSA-2H6C-J3GF-XP9R
Vulnerability from github – Published: 2023-02-10 19:52 – Updated: 2023-02-10 19:52
VLAI?
Summary
IPFS go-bitfield vulnerable to DoS via malformed size arguments
Details
Impact
When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics.
This happen when the size is a not a multiple of 8 or is negative.
There were already a note in the NewBitfield documentation:
``` Panics if size is not a multiple of 8. ````
But it incomplete and missing from FromBytes's documentation.
This has been replaced by returning an (Bitfield, error) and returning a non nil error if the size is wrong.
Patches
- https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579
Workarounds
- Ensure
size%8 == 0 && size >= 0yourself before callingNewBitfieldorFromBytes
References
- https://github.com/ipfs/go-unixfs/security/advisories/GHSA-q264-w97q-q778
Severity ?
5.9 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ipfs/go-bitfield"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-23626"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-10T19:52:45Z",
"nvd_published_at": "2023-02-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s.\n\nThis happen when the `size` is a not a multiple of `8` or is negative.\nThere were already a note in the `NewBitfield` documentation:\n\u003e ```\n\u003e Panics if size is not a multiple of 8.\n\u003e ````\n\nBut it incomplete and missing from `FromBytes`\u0027s documentation.\n\nThis has been replaced by returning an `(Bitfield, error)` and returning a non nil error if the size is wrong.\n\n### Patches\n- https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579\n\n### Workarounds\n- Ensure `size%8 == 0 \u0026\u0026 size \u003e= 0` yourself before calling `NewBitfield` or `FromBytes`\n\n### References\n- https://github.com/ipfs/go-unixfs/security/advisories/GHSA-q264-w97q-q778\n",
"id": "GHSA-2h6c-j3gf-xp9r",
"modified": "2023-02-10T19:52:45Z",
"published": "2023-02-10T19:52:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23626"
},
{
"type": "WEB",
"url": "https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579"
},
{
"type": "PACKAGE",
"url": "https://github.com/ipfs/go-bitfield"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2023-1558"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "IPFS go-bitfield vulnerable to DoS via malformed size arguments"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…