Denial of service via HAMT Decoding Panics
Package
Affected versions
< 0.4.3
Patched versions
0.4.3
Description
Published by the National Vulnerability Database
Feb 9, 2023
Published to the GitHub Advisory Database
Feb 10, 2023
Reviewed
Feb 10, 2023
Last updated
May 20, 2024
Impact
Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks.
If you are reading untrusted user input, an attacker can then trigger a panic.
This is caused by bogus
fanout
parameter in the HAMT directory nodes.This include checks returned in ipfs/go-bitfield GHSA-2h6c-j3gf-xp9r, as well as limiting the
fanout
to<= 1024
(to avoid attempts of arbitrary sized allocations).Patches
Workarounds
Do not feed untrusted user data to the decoding functions.
References
References