14 matches found
EUVD-2022-7573
Malicious code in bioql PyPI...
CVE-2022-2584
The dag-pb codec can panic when decoding invalid blocks...
Duplicate Advisory: go-codec-dagpb vulnerable to panic when decoding invalid blocks
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-g3vv-g2j5-45f2. This link is maintained to preserve external references. Original Description: go-codec-dagpb is an implementation of the DAG-PB spec for Go. The dag-pb codec can panic when decoding invalid block...
CVE-2022-2584
The dag-pb codec can panic when decoding invalid blocks...
CVE-2022-2584
The dag-pb codec can panic when decoding invalid blocks...
Information disclosure
The dag-pb codec can panic when decoding invalid blocks...
CVE-2022-2584 Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb
The dag-pb codec can panic when decoding invalid blocks...
CVE-2022-2584
CVE-2022-2584 affects go-codec-dagpb (github.com/ipld/go-codec-dagpb). The dag-pb codec can panic when decoding invalid blocks, causing a potential DoS by crashing the application. The issue has been patched in version 1.3.1. Embed: affected component is the dag-pb codec; root cause is panic on i...
go-dagpb buffer error vulnerability
go-dagpb is an IPLD open source implementation of the DAG-PB Go specification. A security vulnerability exists in go-dagpb that stems from the fact that the dag-pb codec may crash when decoding an invalid block...
CVE-2022-23495
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
GO-2022-0422 Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb
The dag-pb codec can panic when decoding invalid blocks...
PT-2022-17563 · Unknown · Go-Codec-Dagpb
Name of the Vulnerable Software and Affected Versions: go-codec-dagpb versions prior to 1.3.1. Description: The dag-pb codec can panic when decoding invalid blocks, due to an assumption that the reported link length is accurate. If the block ends before the reported length, it results in a buffer...
cid (>=0.3.2 <=0.4.0), dag-cbor (=0.1.0) +41 more potentially affected by CVE-2020-35909 via multihash (=0.10.1)
multihash CARGO version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on multihash and may be impacted: - cid =0.3.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.5.1, =0.0.1, =0.0.2 - libipld =0.1.0 - libipld-base =0.1.0 - libipld-core...