Lucene search

K

Veracode Vulnerability DatabaseVERACODE:42030

HistoryAug 04, 2023 - 2:23 a.m.

Denial Of Service (DoS)

2023-08-0402:23:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

vulnerability

golang.org/x/image

dos

tiled tiff image

excessive cpu consumption

application crash

application slowdowns

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.6%

golang.org/x/image is vulnerable to Denial of Service (DoS). The vulnerability exists when reader.go parses a tiled tiff image with a height of 0, and has a very large width which results in excessive CPU consumption while decoding, possibly allowing an attacker to cause an application crash or application slowdowns.

References

github.com/advisories/GHSA-j3p8-6mrq-6g7h

github.com/golang/go/issues/61581

github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d

go-review.googlesource.com/c/image/+/514897

go.dev/cl/514897

go.dev/issue/61581

lists.fedoraproject.org/archives/list/[email protected]/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/

lists.fedoraproject.org/archives/list/[email protected]/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/

lists.fedoraproject.org/archives/list/[email protected]/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/

pkg.go.dev/vuln/GO-2023-1990

security.netapp.com/advisory/ntap-20230831-0009/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.6%

Related for VERACODE:42030

prion1 debiancve1 cvelist1 osv3 ubuntucve1 github1 cve1 redhatcve1 gitlab1 nvd1 fedora3 redos1 openvas3 nessus3