x/vulndb: potential Go vuln in google.golang.org/protobuf/encoding/prototext #1631
Assignees
Labels
Comments
|
Change https://go.dev/cl/476098 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Mar 14, 2023
Aliases: CVE-2023-24535 Updates #1631 Change-Id: If969c534b888ca71d337a6dc85e691839973488d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/476098 TryBot-Result: Gopher Robot <[email protected]> Run-TryBot: Damien Neil <[email protected]> Reviewed-by: Tatiana Bradley <[email protected]> Auto-Submit: Damien Neil <[email protected]>
|
Change https://go.dev/cl/476455 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Mar 15, 2023
add aliases: GHSA-hw7c-3rfg-p46j Updates #1631 Change-Id: Ic49d5769d5c831af2bfbcd3f4f8e20d2ae4e9b8a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/476455 TryBot-Result: Gopher Robot <[email protected]> Run-TryBot: Jonathan Amsterdam <[email protected]> Reviewed-by: Tatiana Bradley <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Parsing invalid messages can panic.
Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
Affected Modules, Packages, Versions and Symbols
Does this vulnerability already have an associated CVE ID?
No
CVE ID
No response
Credit
No response
CWE ID
No response
Pull Request
https://go.dev/cl/475995
Commit
No response
References
Additional information
No response
The text was updated successfully, but these errors were encountered: