CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...

CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...

CVE-2023-23631

The CVE-2023-23631 entry affects github.com/ipfs/go-unixfsnode, an ADL IPLD prime node that wraps go-codec-dagpb protobuf to enable pathing. The root cause is a bogus fanout parameter in HAMT directory nodes, and reading malformed HAMT sharded directories can trigger panics and virtual memory lea...

Denial Of Service (DoS)

github.com/ipld/go-codec-dagpb is vulnerable to denial of service. The vulnerability exists when dag-pb codec decodes an invalid block which allows an attacker to cause an application crash...

GHSA-C653-6HHG-9X92 go-ipld-prime/codec/json may panic if asked to encode bytes

go-ipld-prime is a series of Go interfaces for manipulating IPLD data and a Go module that contains the go-ipld-prime/codec/json codec. Impact Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic as it doesn't expect to receive Bytes tokens...

go-ipld-prime/codec/json may panic if asked to encode bytes

go-ipld-prime is a series of Go interfaces for manipulating IPLD data and a Go module that contains the go-ipld-prime/codec/json codec. Impact Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic as it doesn't expect to receive Bytes tokens...

CVE-2023-22460

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

Code injection

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2023-22460

CVE-2023-22460 affects go-ipld-prime’s JSON codec. Encoding data containing a Bytes kind Node with the json codec will pass a Bytes token to the JSON encoder, causing a panic; the issue does not affect the dag-json codec or decoding. The root cause is limited to the json encoder path, and the vul...

go-ipld-prime 输入验证错误漏洞

go-ipld-prime is an IPLD open source implementation of the ipld specification interface. A input validation error vulnerability exists in go-ipld-prime, which stems from the fact that its encoded data containing Bytes class nodes will pass a Bytes token to the JSON encoder, since it does not expe...

PT-2023-18513 · Unknown · Go-Ipld-Prime

Name of the Vulnerable Software and Affected Versions: go-ipld-prime versions prior to 0.19.0 Description: The issue arises when encoding data that contains a Bytes kind Node using the json codec, causing the encoder to panic as it does not expect to receive Bytes tokens. This should be treated a...

CVE-2022-2584 Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb

The dag-pb codec can panic when decoding invalid blocks...

CVE-2022-23495

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

GO-2022-0503 Denial of service via malformed CAR data in github.com/ipld/go-car and go-car/v2

Decoding malformed CAR data can cause panics or excessive memory usage...

Denial Of Service (DoS)

github.com/ipld/go-car is vulnerable to denial of service. The vulnerability exists in LdRead function in util.go because the decoding of CAR data is not properly handled which leads to an excessive memory usage causing an application crash...

Malformed CAR panics and excessive memory usage

Impact Versions impacted = [email protected] = [email protected] Description of user-facing changes...