GO-2023-1930

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2023-1930

Import Source

https://vuln.go.dev/ID/GO-2023-1930.json

JSON Data

https://api.test.osv.dev/v1/vulns/GO-2023-1930

Aliases

Published

2023-07-25T22:53:22Z

Modified

2024-05-20T16:03:47Z

Summary

Unrestricted memory consumption in github.com/hamba/avro

Details

Unrestricted memory consumption in github.com/hamba/avro

Database specific

{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2023-1930"
}

References

Affected packages

Go / github.com/hamba/avro/v2

Package

Name: github.com/hamba/avro/v2; View open source insights on deps.dev
Purl: pkg:golang/github.com/hamba/avro/v2

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.0

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/hamba/avro/v2",
            "symbols": [
                "Decoder.Decode",
                "Reader.ReadArrayCB",
                "Reader.ReadBytes",
                "Reader.ReadMapCB",
                "Reader.ReadNext",
                "Reader.ReadString",
                "Reader.ReadVal",
                "Reader.readBytes",
                "Unmarshal",
                "arrayDecoder.Decode",
                "bytesCodec.Decode",
                "bytesDecimalCodec.Decode",
                "bytesDecimalPtrCodec.Decode",
                "dereferenceDecoder.Decode",
                "efaceDecoder.Decode",
                "frozenConfig.Unmarshal",
                "mapDecoder.Decode",
                "mapSkipDecoder.Decode",
                "mapUnionDecoder.Decode",
                "recordIfaceDecoder.Decode",
                "recordMapDecoder.Decode",
                "recordSkipDecoder.Decode",
                "referenceDecoder.Decode",
                "sliceSkipDecoder.Decode",
                "stringCodec.Decode",
                "structDecoder.Decode",
                "textMarshalerCodec.Decode",
                "unionPtrDecoder.Decode",
                "unionResolvedDecoder.Decode",
                "unionSkipDecoder.Decode"
            ]
        }
    ]
}

Go / github.com/hamba/avro

Package

Name: github.com/hamba/avro; View open source insights on deps.dev
Purl: pkg:golang/github.com/hamba/avro

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/hamba/avro",
            "symbols": [
                "Decoder.Decode",
                "Reader.ReadArrayCB",
                "Reader.ReadBytes",
                "Reader.ReadMapCB",
                "Reader.ReadNext",
                "Reader.ReadString",
                "Reader.ReadVal",
                "Unmarshal",
                "arrayDecoder.Decode",
                "bytesCodec.Decode",
                "bytesDecimalCodec.Decode",
                "bytesDecimalPtrCodec.Decode",
                "dereferenceDecoder.Decode",
                "efaceDecoder.Decode",
                "frozenConfig.Unmarshal",
                "mapDecoder.Decode",
                "mapSkipDecoder.Decode",
                "mapUnionDecoder.Decode",
                "recordIfaceDecoder.Decode",
                "recordMapDecoder.Decode",
                "recordSkipDecoder.Decode",
                "referenceDecoder.Decode",
                "sliceSkipDecoder.Decode",
                "stringCodec.Decode",
                "structDecoder.Decode",
                "textMarshalerCodec.Decode",
                "unionPtrDecoder.Decode",
                "unionResolvedDecoder.Decode",
                "unionSkipDecoder.Decode"
            ]
        }
    ]
}