CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
41.3%
Fuzz testing on crossplane/crossplane
, by Ada Logics and sponsored by the CNCF, identified input to a function in the fieldpath
package that can cause an out of memory panic. Applications that use the Paved
type’s SetValue
method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic.
In the fieldpath
package, the SetValue
method of the Paved
type sets a value on the inner object according to the provided path, without validating it first. This allows setting values in slices at any specific index and the code will grow the target array up to the required size. The index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value.
Users can parse and validate the path before passing it to the SetValue
method of the Paved
type, constraining the index size as deemed appropriate.
Disclosed by Ada Logics in a fuzzing audit sponsored by CNCF.
github.com/crossplane/crossplane-runtime
github.com/crossplane/crossplane-runtime/commit/53508a9f4374604db140dd8ab2fa52276441e738
github.com/crossplane/crossplane-runtime/commit/f67177024d906aaf5e13ee7cd470b4e87a9fef40
github.com/crossplane/crossplane-runtime/security/advisories/GHSA-vfvj-3m3g-m532
nvd.nist.gov/vuln/detail/CVE-2023-27483
pkg.go.dev/vuln/GO-2023-1623