github.com/ipfs/go-merkledag is vulnerable to denial of service (DoS) attacks. Several methods internally require a re-encode if the state has changed, and because they cannot return an error, they may panic when that re-encode fails. A remote attacker can trigger the panic by modifying the ProtoNode, resulting in denial of service conditions.
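The failure mode described above, as an added example that is not go-merkledag's code: a method with no error return re-encodes after a mutation and can only panic, while a caller-side `recover` boundary turns that panic into an error. `Node`, `AddLink`, `Encode`, `RawData` and `SafeRawData` are hypothetical names, and the empty-hash condition is a constructed stand-in for an encode failure.

```go
package main

import "fmt"

// Node is a hypothetical stand-in for a node that caches its encoding (not go-merkledag's ProtoNode).
type Node struct {
	links   [][]byte // link hashes
	encoded []byte   // cached encoding, dropped on every mutation
}

func (n *Node) AddLink(hash []byte) { n.links, n.encoded = append(n.links, hash), nil }

// Encode is the fallible step; an empty hash is the constructed failure condition.
func (n *Node) Encode() ([]byte, error) {
	out := []byte{}
	for i, h := range n.links {
		if len(h) == 0 {
			return nil, fmt.Errorf("link %d has empty hash", i)
		}
		out = append(out, h...)
	}
	return out, nil
}

// RawData has no error return, so a failed re-encode can only panic.
func (n *Node) RawData() []byte {
	if n.encoded == nil {
		b, err := n.Encode()
		if err != nil {
			panic(err)
		}
		n.encoded = b
	}
	return n.encoded
}

// SafeRawData is a caller-side boundary that turns the panic into an error.
func SafeRawData(n *Node) (b []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("re-encode panicked: %v", r)
		}
	}()
	return n.RawData(), nil
}

func main() {
	n := &Node{links: [][]byte{nil}} // constructed invalid state
	fmt.Println(SafeRawData(n))
}
```

Calling an error-returning method such as `Encode` directly avoids the panic path entirely; the `recover` wrapper only contains it for callers that must use the panicking method.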
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/ipfs/go-merkledag | le | v0.8.0 |
en.wikipedia.org/wiki/Directed_acyclic_graph
github.com/ipfs/go-merkledag/commit/51b4c32dd3df813bdad9bad154e8ffab39a4daa7
github.com/ipfs/go-merkledag/commit/738cf434c9a254c335d170bdeddbac490bb06570
github.com/ipfs/go-merkledag/issues/90
github.com/ipfs/go-merkledag/pull/91
github.com/ipfs/go-merkledag/pull/92
github.com/ipfs/go-merkledag/pull/93
github.com/ipfs/go-merkledag/releases/tag/v0.8.0
github.com/ipfs/go-merkledag/releases/tag/v0.8.1
github.com/ipfs/go-merkledag/security/advisories/GHSA-x39j-h85h-3f46
github.com/ipfs/kubo/issues/9297