Metric | Value |
---|---|
CVSS3 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector string | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS | 0.001 Low |
EPSS Percentile | 36.5% |
When feeding untrusted user input into the size parameter of the NewBitfield and FromBytes functions, an attacker can trigger panics. This happens when the size is not a multiple of 8 or is negative.
There was already a note in the NewBitfield documentation:

> ```
> Panics if size is not a multiple of 8.
> ```

But it is incomplete and missing from FromBytes's documentation.
This has been replaced by returning a (Bitfield, error) pair, with a non-nil error if the size is wrong.
Check that size%8 == 0 && size >= 0 yourself before calling NewBitfield or FromBytes.
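The workaround above as runnable Go, added here as an illustration; it is not code from the advisory or from the go-bitfield project. `CheckBitfieldSize`, `SizeFromUntrusted` and `NewBitfieldChecked` are names chosen for this example, and modelling the bitfield as a byte slice of size/8 bytes is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// ErrBadSize covers both conditions the advisory names (constructed here).
var ErrBadSize = errors.New("bitfield: size must be a non-negative multiple of 8")

// CheckBitfieldSize is the advisory's workaround as a function: it enforces
// size%8 == 0 && size >= 0 so callers on go-bitfield < 1.1.0 reject bad input
// before NewBitfield or FromBytes would panic on it. Note -8 % 8 == 0 in Go,
// so the sign check is required on its own.
func CheckBitfieldSize(size int) error {
	if size < 0 || size%8 != 0 {
		return fmt.Errorf("%w: got %d", ErrBadSize, size)
	}
	return nil
}

// SizeFromUntrusted parses a size taken from an untrusted source (a request
// field, a wire message) and validates it before it reaches the library.
func SizeFromUntrusted(raw string) (int, error) {
	size, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("bitfield: size is not an integer: %w", err)
	}
	if err := CheckBitfieldSize(size); err != nil {
		return 0, err
	}
	return size, nil
}

// NewBitfieldChecked models the fixed API shape, (Bitfield, error), over a
// plain byte slice of size/8 bytes; an illustration, not the library's code.
func NewBitfieldChecked(size int) ([]byte, error) {
	if err := CheckBitfieldSize(size); err != nil {
		return nil, err
	}
	return make([]byte, size/8), nil
}

func main() {
	for _, raw := range []string{"64", "12", "-8", "x"} { // constructed inputs
		size, err := SizeFromUntrusted(raw)
		fmt.Printf("%q -> size=%d err=%v\n", raw, size, err)
	}
}
```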
CPE | Name | Operator | Version |
---|---|---|---|
| github.com/ipfs/go-bitfield | lt | 1.1.0 |