{ "schema_version": "1.4.0", "id": "GHSA-2h6c-j3gf-xp9r", "modified": "2023-02-10T19:52:45Z", "published": "2023-02-10T19:52:45Z", "aliases": [ "CVE-2023-23626" ], "summary": "IPFS go-bitfield vulnerable to DoS via malformed size arguments", "details": "### Impact\nWhen feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s.\n\nThis happen when the `size` is a not a multiple of `8` or is negative.\nThere were already a note in the `NewBitfield` documentation:\n> ```\n> Panics if size is not a multiple of 8.\n> ````\n\nBut it incomplete and missing from `FromBytes`'s documentation.\n\nThis has been replaced by returning an `(Bitfield, error)` and returning a non nil error if the size is wrong.\n\n### Patches\n- https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579\n\n### Workarounds\n- Ensure `size%8 == 0 && size >= 0` yourself before calling `NewBitfield` or `FromBytes`\n\n### References\n- https://github.com/ipfs/go-unixfs/security/advisories/GHSA-q264-w97q-q778\n", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/ipfs/go-bitfield" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.1.0" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23626" }, { "type": "WEB", "url": "https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579" }, { "type": "PACKAGE", "url": "https://github.com/ipfs/go-bitfield" }, { "type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2023-1558" } ], "database_specific": { "cwe_ids": [ "CWE-1284", "CWE-754" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-02-10T19:52:45Z", "nvd_published_at": "2023-02-09T21:15:00Z" } }