CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.001 Low
Percentile: 38.0%

Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes.

The fix includes the checks from ipfs/go-bitfield GHSA-2h6c-j3gf-xp9r, as well as limiting the fanout to <= 1024 (to avoid attempts at arbitrarily sized allocations).

Do not feed untrusted user data to the decoding functions.
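
For callers that must handle directory nodes from untrusted sources, the following added example (not code from go-unixfs or from this advisory) shows one way to validate a decoded fanout before any size is derived from it. `checkFanout` and `newChildBitmap` are hypothetical names, and the power-of-two and multiple-of-8 rules are assumptions of this example; only the 1024 ceiling comes from the text above.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

const maxFanout = 1024 // the "<= 1024" ceiling stated in the advisory

var (
	errFanoutTooLarge = errors.New("hamt fanout exceeds maximum")
	errFanoutShape    = errors.New("hamt fanout is not a power of two >= 8")
	errBitmapTooLong  = errors.New("bitmap longer than fanout allows")
)

// checkFanout validates the untrusted fanout while it is still a uint64, before
// any int conversion or allocation. The shape rule is an assumption of this example.
func checkFanout(fanout uint64) error {
	switch {
	case fanout > maxFanout:
		return fmt.Errorf("%w: %d > %d", errFanoutTooLarge, fanout, maxFanout)
	case bits.OnesCount64(fanout) != 1 || fanout%8 != 0:
		return fmt.Errorf("%w: %d", errFanoutShape, fanout)
	}
	return nil
}

// newChildBitmap (hypothetical helper) sizes the bitmap only after validation.
// Right-aligning data is an illustrative layout, not the library's.
func newChildBitmap(fanout uint64, data []byte) ([]byte, error) {
	if err := checkFanout(fanout); err != nil {
		return nil, err
	}
	want := int(fanout / 8) // at most 128 bytes once checkFanout passes
	if len(data) > want {
		return nil, errBitmapTooLong
	}
	bm := make([]byte, want)
	copy(bm[want-len(data):], data)
	return bm, nil
}

func main() {
	for _, f := range []uint64{256, 4, 24, 1 << 63} { // constructed sample values
		_, err := newChildBitmap(f, []byte{0x01})
		fmt.Printf("fanout=%d err=%v\n", f, err)
	}
}
```

Returning an error instead of panicking lets the caller reject the malformed node and keep serving other requests.
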
Name | Operator | Version |
---|---|---|
github.com/ipfs/go-unixfs | lt | 0.4.3 |