3 matches found
ciguard: SCA HTTP client reads response body without size cap
Summary Both SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loadsresp.read.decode'utf-8' without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev or a successful TLS MITM could return a multi-GB response,...
golang: encoding/pem: fix stack overflow in Decode
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...
golang: encoding/pem: fix stack overflow in Decode
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...