10 matches found
CVE-2022-23495
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
GO-2022-1155 Panic in github.com/ipfs/go-merkledag
A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. Additionally, use of the ProtoNode.SetCidBuilder method to set non-functioning CidBuilder such as one that refers to a multihash where ...
Denial Of Service (DoS)
github.com/ipfs/go-merkledag is vulnerable to denial of service DoS attacks. Several methods, which internally require a re-encode if the state has changed, may panic due to the inability to return an error which allows a remote attacker to trigger a panic via modifying the ProtoNode resulting in...
CVE-2022-23495
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
Input validation
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
CVE-2022-23495
CVE-2022-23495 concerns go-merkledag where a modified or decoded ProtoNode can be placed into an unencodeable form, causing encode errors that panic on calls that do not return errors. This behavior is tied to the DAGService/IPLD node handling and may be triggered by inputs using a non-validated ...
CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
go-merkledag's ProtoNode may be modified such that common method calls may panic
Impact A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error fro...
GHSA-X39J-H85H-3F46 go-merkledag's ProtoNode may be modified such that common method calls may panic
Impact A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error fro...