libmaxminddb is vulnerable to denial of service. A heap-based buffer over-read in dump_entry_data_list
in maxminddb.c
allows an attacker to crash the application.
github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3
github.com/maxmind/libmaxminddb/issues/236
github.com/maxmind/libmaxminddb/pull/237
lists.debian.org/debian-lts-announce/2020/11/msg00019.html
lists.fedoraproject.org/archives/list/[email protected]/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
lists.fedoraproject.org/archives/list/[email protected]/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/
secdb.alpinelinux.org/v3.10/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
security.gentoo.org/glsa/202011-15