Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00Y3h3LWhxNDQtcjM0NM0uNQ
Off-by-one Error in v2fly/v2ray-core
v2fly/v2ray-core prior to 4.44.0 is vulnerable to an off-by-one error. Indexing operations on arrays, slices, or strings should use an index at most one less than the length. If the index is checked for being less than or equal to the length (<=
), instead of less than the length (<
), the index could be out of bounds.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00Y3h3LWhxNDQtcjM0NM0uNQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Identifiers: GHSA-4cxw-hq44-r344, CVE-2021-4070
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-4070
- https://github.com/v2fly/v2ray-core/commit/c1af2bfd7aa59a4482aa7f6ec4b9208c1d350b5c
- https://huntr.dev/bounties/8da19456-4d89-41ef-9781-a41efd6a1877
- https://github.com/advisories/GHSA-4cxw-hq44-r344
Blast Radius: 17.7
Affected Packages
go:github.com/v2fly/v2ray-core
Dependent packages: 4Dependent repositories: 9
Downloads:
Affected Version Ranges: < 4.44.0
No known fixed version
All affected versions: 0.6.1, 0.6.2, 0.9.1, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.14.5, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.9.1, 1.11.1, 1.11.2, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.12.9, 1.13.1, 1.17.1, 1.17.2, 1.17.3, 1.18.1, 1.18.2, 1.19.1, 1.19.2, 1.21.1, 1.21.2, 1.23.1, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 2.1.1, 2.1.2, 2.2.1, 2.3.1, 2.3.2, 2.3.3, 2.4.1, 2.4.2, 2.5.1, 2.5.2, 2.6.1, 2.7.1, 2.8.1, 2.8.2, 2.8.3, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.11.1, 2.11.2, 2.12.1, 2.13.1, 2.13.2, 2.14.1, 2.15.1, 2.16.1, 2.16.2, 2.16.3, 2.16.4, 2.16.5, 2.16.6, 2.16.7, 2.17.1, 2.18.1, 2.18.2, 2.19.1, 2.19.2, 2.19.3, 2.19.4, 2.19.5, 2.19.6, 2.19.7, 2.20.1, 2.20.2, 2.21.1, 2.21.2, 2.21.3, 2.22.1, 2.23.1, 2.23.2, 2.23.3, 2.23.4, 2.24.1, 2.24.2, 2.24.3, 2.25.1, 2.25.2, 2.27.1, 2.31.1, 2.33.1, 2.36.1, 2.36.2, 2.36.3, 2.38.1, 2.38.2, 2.40.1, 2.40.2, 2.42.1, 2.43.1, 2.43.2, 2.43.3, 2.46.1, 2.51.1, 2.51.2, 3.0.1, 3.8.1, 3.11.1, 3.11.2, 3.11.3, 3.17.1, 3.17.2, 3.17.3, 3.18.1, 3.18.2, 3.19.1, 3.21.1, 3.23.1, 3.23.2, 3.24.1, 3.25.1, 3.27.1, 3.30.1, 3.31.1, 3.32.1, 3.33.1, 3.37.1, 3.37.2, 3.37.3, 3.37.4, 3.37.5, 3.37.6, 3.45.1, 3.46.1, 3.46.2, 3.46.3, 3.46.4, 3.50.1, 3.50.2, 4.0.1, 4.0.2, 4.1.1, 4.5.0, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.8.0, 4.9.0, 4.10.0, 4.11.0, 4.12.0, 4.13.0, 4.14.0, 4.14.1, 4.14.2, 4.15.0
go:github.com/v2fly/v2ray-core/v4
Dependent packages: 65Dependent repositories: 88
Downloads:
Affected Version Ranges: < 4.44.0
Fixed in: 4.44.0
All affected versions: 4.0.1, 4.0.2, 4.1.1, 4.5.0, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.8.0, 4.9.0, 4.10.0, 4.11.0, 4.12.0, 4.13.0, 4.14.0, 4.14.1, 4.14.2, 4.15.0, 4.15.1, 4.16.0, 4.16.1, 4.16.2, 4.16.3, 4.17.0, 4.18.0, 4.18.1, 4.18.2, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.20.3, 4.20.4, 4.20.5, 4.21.0, 4.21.1, 4.21.2, 4.21.3, 4.21.5, 4.21.6, 4.21.7, 4.22.0, 4.22.1, 4.23.2, 4.23.3, 4.23.4, 4.24.0, 4.24.1, 4.24.2, 4.25.0, 4.25.1, 4.26.0, 4.27.0, 4.27.4, 4.27.5, 4.28.0, 4.28.1, 4.28.2, 4.29.0, 4.30.0, 4.31.0, 4.31.1, 4.31.2, 4.31.3, 4.32.0, 4.32.1, 4.33.0, 4.34.0, 4.35.0, 4.35.1, 4.36.0, 4.36.1, 4.36.2, 4.37.0, 4.37.1, 4.37.2, 4.37.3, 4.38.0, 4.38.1, 4.38.2, 4.38.3, 4.39.0, 4.39.1, 4.39.2, 4.40.0, 4.40.1, 4.41.0, 4.41.1, 4.42.0, 4.42.1, 4.42.2, 4.43.0
All unaffected versions: 4.44.0, 4.45.0, 4.45.1, 4.45.2