Denial Of Service (DoS)

github.com/ipfs/go-unixfs is vulnerable to Denial Of Service DoS. The vulnerability exists because hamt.go doesn't properly handle malformed HAMT structures while reading data in the bogus fanout parameter in the HAMT directory nodes, which leads to memory leaks, allowing an attacker to cause an...

CVE-2023-23625

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

Design/Logic Flaw

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...

CVE-2023-23631

The CVE-2023-23631 entry affects github.com/ipfs/go-unixfsnode, an ADL IPLD prime node that wraps go-codec-dagpb protobuf to enable pathing. The root cause is a bogus fanout parameter in HAMT directory nodes, and reading malformed HAMT sharded directories can trigger panics and virtual memory lea...