3 matches found
CVE-2023-23631
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...
CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...
CVE-2023-23631
The CVE-2023-23631 entry affects github.com/ipfs/go-unixfsnode, an ADL IPLD prime node that wraps go-codec-dagpb protobuf to enable pathing. The root cause is a bogus fanout parameter in HAMT directory nodes, and reading malformed HAMT sharded directories can trigger panics and virtual memory lea...