GHSA-m6m5-pp4g-fcc8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m6m5-pp4g-fcc8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-m6m5-pp4g-fcc8/GHSA-m6m5-pp4g-fcc8.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-m6m5-pp4g-fcc8
- Aliases
- Published
- 2021-10-06T17:47:35Z
- Modified
- 2024-08-21T14:57:43.818822Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- S3 storage write is not aborted on errors leading to unbounded memory usage
- Details
-
Impact
Anyone using storage.blob.s3 introduced in 0.5.0 with storage.imapsql.
storage.imapsql local_mailboxes { ... msg_store s3 { ... } }Patches
The relevant commit is pushed to master and will be included in the 0.5.1 release.
No special handling of the issue has been done due to the small amount of affected users.
Workarounds
None.
References
- Original report: https://github.com/foxcpp/maddy/issues/395
- Fix: https://github.com/foxcpp/maddy/commit/07c8495ee4394fabbf5aac4df8aebeafb2fb29d8
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-772" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-10-06T16:48:49Z" }- References
Affected packages
Go / github.com/foxcpp/maddy
Package
- Name
- github.com/foxcpp/maddy
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/foxcpp/maddy