Vulnerability Report: GO-2020-0016
- CVE-2021-29482, GHSA-25xm-hr59-7c27
- Affects: github.com/ulikunitz/xz
- Published: Apr 14, 2021
- Modified: May 20, 2024
An attacker can construct a series of bytes such that calling Reader.Read on the bytes could cause an infinite loop. If parsing user-supplied input, this may be used as a denial-of-service vector.
Affected Packages
- Go Versions: before v0.5.8
References
- https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
- https://github.com/ulikunitz/xz/issues/35
- https://vuln.go.dev/ID/GO-2020-0016.json
Credits
- @0xdecaf