GO-2022-1098
- Source
- https://pkg.go.dev/vuln/GO-2022-1098
- Import Source
- https://vuln.go.dev/ID/GO-2022-1098.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2022-1098
- Aliases
- Published
- 2022-11-08T16:49:06Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Denial of service in message decoding in github.com/btcsuite/btcd
- Details
-
Erroneous message decoding can cause denial of service.
Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd (before 0.15.2-beta) to sync.
- Database specific
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-1098" }- References
- Credits
-
-
- rsafier (Github user)
-
- Roasbeef (Github user)
-
Affected packages
Go / github.com/btcsuite/btcd
Package
- Name
- github.com/btcsuite/btcd
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/btcsuite/btcd
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.23.2
Ecosystem specific
{
"imports": [
{
"path": "github.com/btcsuite/btcd/wire",
"symbols": [
"MsgBlock.BtcDecode",
"MsgBlock.Deserialize",
"MsgBlock.DeserializeNoWitness",
"MsgBlock.DeserializeTxLoc",
"MsgTx.BtcDecode",
"MsgTx.Deserialize",
"MsgTx.DeserializeNoWitness",
"ReadMessage",
"ReadMessageN",
"ReadMessageWithEncodingN"
]
}
]
}