Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yaDZjLWozZ2YteHA5cs4AAxh4

IPFS go-bitfield vulnerable to DoS via malformed size arguments

Impact

When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics.

This happens when the size is not a multiple of 8 or is negative.
There was already a note in the NewBitfield documentation:

Panics if size is not a multiple of 8.

But it is incomplete and missing from FromBytes's documentation.

This has been replaced by returning a (Bitfield, error) pair, with a non-nil error if the size is wrong.
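As an added example (not the go-bitfield code itself, whose exact signatures are not shown on this page), the panicking pattern beside its hardened (Bitfield, error) form in Go; the Bitfield type, ErrBadSize, ErrSizeMismatch and the Panics helper are assumed names for illustration, and the length check in FromBytes is an extra guard beyond what the advisory describes.

```go
package main

import "errors"

// Bitfield is a minimal stand-in for this example (not the go-bitfield type): size bits as size/8 bytes.
type Bitfield struct{ b []byte }

var ErrBadSize = errors.New("bitfield: size must be a non-negative multiple of 8")
var ErrSizeMismatch = errors.New("bitfield: data does not hold exactly size bits")

// NewBitfieldUnchecked mirrors the pre-1.1.0 behaviour: a non-multiple of 8 panics here, a negative size panics in make().
func NewBitfieldUnchecked(size int) Bitfield {
	if size%8 != 0 {
		panic("bitfield: size must be a multiple of 8")
	}
	return Bitfield{b: make([]byte, size/8)}
}

func ValidateSize(size int) error {
	if size < 0 || size%8 != 0 {
		return ErrBadSize
	}
	return nil
}

// NewBitfield returns (Bitfield, error) instead of panicking, as the 1.1.0 fix does.
func NewBitfield(size int) (Bitfield, error) {
	if err := ValidateSize(size); err != nil {
		return Bitfield{}, err
	}
	return Bitfield{b: make([]byte, size/8)}, nil
}

// FromBytes applies the same check and also rejects data whose length does not match size.
func FromBytes(size int, data []byte) (Bitfield, error) {
	if err := ValidateSize(size); err != nil {
		return Bitfield{}, err
	}
	if len(data) != size/8 {
		return Bitfield{}, ErrSizeMismatch
	}
	return Bitfield{b: append([]byte(nil), data...)}, nil
}

// Panics reports whether the unchecked constructor panics for size, without crashing the process.
func Panics(size int) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	NewBitfieldUnchecked(size)
	return false
}
```

Feeding the same sizes (16, 12, -8) to both constructors shows the difference: the unchecked one panics on 12 and -8, while the hardened one returns ErrBadSize that the caller can handle.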

Patches

Workarounds

References

Permalink: https://github.com/advisories/GHSA-2h6c-j3gf-xp9r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yaDZjLWozZ2YteHA5cs4AAxh4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentage: 0.00097
EPSS Percentile: 0.41523

Identifiers: GHSA-2h6c-j3gf-xp9r, CVE-2023-23626
References: Repository: https://github.com/ipfs/go-bitfield
Blast Radius: 16.0

Affected Packages

go:github.com/ipfs/go-bitfield
Dependent packages: 417
Dependent repositories: 506
Downloads:
Affected Version Ranges: < 1.1.0
Fixed in: 1.1.0
All affected versions: 1.0.0
All unaffected versions: 1.1.0