Lucene search

Veracode Vulnerability DatabaseVERACODE:47849

HistoryJul 02, 2024 - 6:16 a.m.

Denial Of Service (DoS)

2024-07-0206:16:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

memory allocation

system resources

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

JSON

github.com/gorilla/schema is vulnerable to Denial of Service (DoS). The vulnerability is caused due to unrestricted memory allocation triggered by manipulating the slice index (idx) beyond the configured maxSize. This allows an attacker to exhaust system resources and potentially crash the application.

CPENameOperatorVersion
github.com/gorilla/schemale1.4.0
github.com/gorilla/schemale1.4.0

CPE	Name	Operator	Version
	github.com/gorilla/schema	le	1.4.0
	github.com/gorilla/schema	le	1.4.0

References

github.com/advisories/GHSA-3669-72x9-r9p3

github.com/gorilla/schema/blob/main/decoder.go#L223

github.com/gorilla/schema/commit/cd59f2f12cbdfa9c06aa63e425d1fe4a806967ff

github.com/gorilla/schema/security/advisories/GHSA-3669-72x9-r9p3

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

JSON

Related for VERACODE:47849