3 matches found
CVE-2023-23625
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23625
CVE-2023-23625 affects go-unixfs, an implementation atop ipld merkledag. A malformed HAMT sharded directory with a bogus fanout parameter can trigger panics and virtual memory leaks when decoding untrusted input. Affected version is prior to 0.4.3; upgrade to 0.4.3 or apply safe decoding practice...