CVE-2023-23626

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-23626
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-23626.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-23626
Aliases
Related
Published
2023-02-09T21:15:11Z
Modified
2025-01-08T14:42:05.193469Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8 or is negative. There were already a note in the NewBitfield documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that size is a multiple of 8 before calling NewBitfield or FromBytes.

References

Affected packages

Git / github.com/ipfs/go-bitfield

Affected ranges

Type
GIT
Repo
https://github.com/ipfs/go-bitfield
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5e1d256fe043fc4163343ccca83862c69c52e579
Fixed
5e1d256fe043fc4163343ccca83862c69c52e579

Affected versions

v1.*

v1.0.0