CVE-2023-23626

🗓️ 09 Feb 2023 21:11:15Reported by GitHub_MType

go-bitfield package in go language allows attackers to trigger panics by feeding untrusted user input into the size parameter

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2023-23626 Denial of service when feeding malformed size arguments in go-bitfield	9 Feb 202320:54	–	cvelist
OSV	Denial of service via malformed size parameters in github.com/ipfs/go-bitfield	14 Feb 202319:41	–	osv
OSV	CVE-2023-23626	9 Feb 202321:15	–	osv
OSV	IPFS go-bitfield vulnerable to DoS via malformed size arguments	10 Feb 202319:52	–	osv
Vulnrichment	CVE-2023-23626 Denial of service when feeding malformed size arguments in go-bitfield	9 Feb 202320:54	–	vulnrichment
Veracode	Denial Of Service (DoS)	15 Feb 202308:50	–	veracode
Prion	Code injection	9 Feb 202321:15	–	prion
NVD	CVE-2023-23626	9 Feb 202321:15	–	nvd
Github Security Blog	IPFS go-bitfield vulnerable to DoS via malformed size arguments	10 Feb 202319:52	–	github

Nvd

Vulners

Node

protocol go-bitfieldRange<1.1.0go

[
  {
    "vendor": "ipfs",
    "product": "go-bitfield",
    "versions": [
      {
        "version": "< 1.1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579
github	www.github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Feb 2023 21:15Current

6.5Medium risk

Vulners AI Score6.5

CVSS35.9 - 7.5

EPSS0.00097

SSVC

go-bitfield go language performant package security cve-2023-23626 vulnerability upgrade