IPFS go-bitfield vulnerable to DoS via malformed size arguments
Package
Affected versions
< 1.1.0
Patched versions
1.1.0
Description
Published by the National Vulnerability Database
Feb 9, 2023
Published to the GitHub Advisory Database
Feb 10, 2023
Reviewed
Feb 10, 2023
Last updated
Jun 13, 2023
Impact
When feeding untrusted user input into the size parameter of
NewBitfield
andFromBytes
functions, an attacker can triggerpanic
s.This happen when the
size
is a not a multiple of8
or is negative.There were already a note in the
NewBitfield
documentation:But it incomplete and missing from
FromBytes
's documentation.This has been replaced by returning an
(Bitfield, error)
and returning a non nil error if the size is wrong.Patches
Workarounds
size%8 == 0 && size >= 0
yourself before callingNewBitfield
orFromBytes
References
References