Vulnerability Report: GO-2021-0100

Due to a goroutine deadlock, using github.com/containers/storage/pkg/archive.DecompressStream on a xz archive returns a reader which will hang indefinitely when Close is called. An attacker can use this to cause denial of service if they are able to cause the caller to attempt to decompress an archive they control.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL