GO-2021-0101

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2021-0101

Import Source

https://vuln.go.dev/ID/GO-2021-0101.json

JSON Data

https://api.test.osv.dev/v1/vulns/GO-2021-0101

Aliases

Published

2021-07-28T18:08:05Z

Modified

2024-05-20T16:03:47Z

Summary

Panic due to out-of-bounds read in github.com/apache/thrift

Details

Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If this package is used to parse untrusted input, this may be used as a vector for a denial of service attack.

Database specific

{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2021-0101"
}

References

https://github.com/apache/thrift/commit/264a3f318ed3e9e51573f67f963c8509786bcec2

Affected packages

Go / github.com/apache/thrift

Package

Name: github.com/apache/thrift; View open source insights on deps.dev
Purl: pkg:golang/github.com/apache/thrift

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-20151001171628-53dd39833a08

Fixed

0.13.0

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "Skip",
                "SkipDefaultDepth",
                "TBinaryProtocol.Skip",
                "TCompactProtocol.Skip",
                "TJSONProtocol.ParseElemListBegin",
                "TJSONProtocol.ReadBool",
                "TJSONProtocol.ReadByte",
                "TJSONProtocol.ReadDouble",
                "TJSONProtocol.ReadFieldBegin",
                "TJSONProtocol.ReadFieldEnd",
                "TJSONProtocol.ReadI16",
                "TJSONProtocol.ReadI32",
                "TJSONProtocol.ReadI64",
                "TJSONProtocol.ReadListBegin",
                "TJSONProtocol.ReadListEnd",
                "TJSONProtocol.ReadMapBegin",
                "TJSONProtocol.ReadMapEnd",
                "TJSONProtocol.ReadMessageBegin",
                "TJSONProtocol.ReadMessageEnd",
                "TJSONProtocol.ReadSetBegin",
                "TJSONProtocol.ReadSetEnd",
                "TJSONProtocol.ReadStructBegin",
                "TJSONProtocol.ReadStructEnd",
                "TJSONProtocol.Skip",
                "TSimpleJSONProtocol.ParseElemListBegin",
                "TSimpleJSONProtocol.ParseF64",
                "TSimpleJSONProtocol.ParseI64",
                "TSimpleJSONProtocol.ParseListBegin",
                "TSimpleJSONProtocol.ParseListEnd",
                "TSimpleJSONProtocol.ParseObjectEnd",
                "TSimpleJSONProtocol.ParseObjectStart",
                "TSimpleJSONProtocol.ReadByte",
                "TSimpleJSONProtocol.ReadDouble",
                "TSimpleJSONProtocol.ReadI16",
                "TSimpleJSONProtocol.ReadI32",
                "TSimpleJSONProtocol.ReadI64",
                "TSimpleJSONProtocol.ReadListBegin",
                "TSimpleJSONProtocol.ReadListEnd",
                "TSimpleJSONProtocol.ReadMapBegin",
                "TSimpleJSONProtocol.ReadMapEnd",
                "TSimpleJSONProtocol.ReadMessageBegin",
                "TSimpleJSONProtocol.ReadMessageEnd",
                "TSimpleJSONProtocol.ReadSetBegin",
                "TSimpleJSONProtocol.ReadSetEnd",
                "TSimpleJSONProtocol.ReadStructBegin",
                "TSimpleJSONProtocol.ReadStructEnd",
                "TSimpleJSONProtocol.Skip",
                "TSimpleJSONProtocol.safePeekContains",
                "TStandardClient.Call",
                "TStandardClient.Recv",
                "tApplicationException.Read"
            ],
            "path": "github.com/apache/thrift/lib/go/thrift"
        }
    ]
}