4 matches found
GO-2022-1002 Panic in github.com/pandatix/go-cvss
ParseVector can panic when provided with invalid input...
Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Impact: When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. Patches: The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4. Workarounds: The only way to avoid ...
GHSA-XHMF-MMV2-4HHX Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Impact: When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. Patches: The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4. Workarounds: The only way to avoid ...
CVE-2022-39213 Out-of-bounds Read in go-cvss
go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions, when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...