Vulnerability Report: GO-2021-0102

CVE-2019-11289, GHSA-5796-p3m6-9qj4
Affects: code.cloudfoundry.org/gorouter, github.com/cloudfoundry/gorouter
Published: Jul 28, 2021
Modified: May 20, 2024

Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect nonce size. If this package is used to decrypt user supplied messages without checking the size of supplied nonces, this may be used as a vector for a denial of service attack.

Affected Packages

Path

Go Versions

Symbols
code.cloudfoundry.org/gorouter/common/secure

before v0.0.0-20191101214924-b1b5c44e050f
- AesGCM.Decrypt
github.com/cloudfoundry/gorouter/common/secure

before v0.0.0-20191101214924-b1b5c44e050f
- AesGCM.Decrypt

Aliases

CVE-2019-11289
GHSA-5796-p3m6-9qj4

References

https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f
https://www.cloudfoundry.org/blog/cve-2019-11289/
https://vuln.go.dev/ID/GO-2021-0102.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL