CVE-2022-39213

go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...

Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function

Impact When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. Patches The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4. Workarounds The only way to avoid ...

GHSA-XHMF-MMV2-4HHX Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function

Impact When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. Patches The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4. Workarounds The only way to avoid ...

CVE-2022-39213 Out-of-bounds Read in go-cvss

go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...

CVE-2022-39213

CVE-2022-39213 affects the Go module go-cvss . In affected versions, parsing a full CVSS v2.0 vector with the function ParseVector can trigger an Out-of-Bounds Read, resulting in a panic. The issue is fixed in tag v0.4.0 (commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4); upgrading to that release...

CVE-2022-39213 Out-of-bounds Read in go-cvss

go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...

PT-2022-24814 · Go-Cvss · Go-Cvss

Name of the Vulnerable Software and Affected Versions: go-cvss versions prior to v0.4.0 Description: The issue arises when a full CVSS v2.0 vector string is parsed using the ParseVector function, potentially leading to an Out-of-Bounds Read due to a lack of tests, causing the Go module to panic...

Go-CVSS 缓冲区错误漏洞

Go-CVSS is a low-allocation Go module from the Lucas TESSON personal developer. It is used to operate the Common Vulnerability Scoring System CVSS. A buffer error vulnerability exists in Go-CVSS versions prior to v0.4.0, which stems from a potential out-of-bounds read due to lack of testing when...