
9 matches found

Prion
added 2023/02/09 9:15 p.m., 10 views

Design/Logic Flaw

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

CVSS: 5 | AI score: 7.4 | EPSS: 0.00675
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2023/02/09 8:57 p.m., 62 views

CVE-2023-23625

CVE-2023-23625 affects go-unixfs, an implementation atop ipld merkledag. A malformed HAMT sharded directory with a bogus fanout parameter can trigger panics and virtual memory leaks when decoding untrusted input. Affected version is prior to 0.4.3; upgrade to 0.4.3 or apply safe decoding practice...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00675
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/02/09 8:57 p.m., 25 views

CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

CVSS: 5.9 | AI score: 7.6 | EPSS: 0.00675
Exploits: 0 | References: 2
NVD
added 2022/12/08 10:15 p.m., 9 views

CVE-2022-23495

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

CVSS: 7.5 | EPSS: 0.01254
Exploits: 0 | References: 9
Prion
added 2022/12/08 10:15 p.m., 17 views

Input validation

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01254
Exploits: 0 | References: 9 | Affected Software: 1
Cvelist
added 2022/12/08 9:25 p.m., 13 views

CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01254
Exploits: 0 | References: 9
CVE
added 2022/12/08 9:25 p.m., 101 views

CVE-2022-23495

CVE-2022-23495 concerns go-merkledag where a modified or decoded ProtoNode can be placed into an unencodeable form, causing encode errors that panic on calls that do not return errors. This behavior is tied to the DAGService/IPLD node handling and may be triggered by inputs using a non-validated ...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01254
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2022/12/08 9:25 p.m., 38 views

CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01254
Exploits: 0 | References: 11
CNNVD
added 2022/12/08 12:0 a.m., 3 views

go-merkledag security vulnerability

go-merkledag is an IPFS open source library. It implements the DAGService interface. A security vulnerability exists in go-merkledag that stems from the possibility that its ProtoNode could be modified in a way that causes various coding errors that would trigger panics on common method calls th...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01254
Exploits: 0 | References: 10