Lucene search

K

Veracode Vulnerability DatabaseVERACODE:42031

HistoryAug 04, 2023 - 2:49 a.m.

Denial Of Service (DoS)

2023-08-0402:49:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

vulnerability

golang.org

image

denial of service

attack

unbounded

size decoding

maliciously crafted

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.6%

golang.org/x/image is vulnerable to Denial Of Service (DoS). The vulnerability exists because reader.go does not properly limit the size of compressed tiff data while decoding, which allows an attacker to cause an application slowdown by providing a maliciously crafted image.

References

github.com/golang/go/issues/61582

github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d

go-review.googlesource.com/c/image/+/514897

go.dev/cl/514897

go.dev/issue/61582

lists.fedoraproject.org/archives/list/[email protected]/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/

lists.fedoraproject.org/archives/list/[email protected]/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/

lists.fedoraproject.org/archives/list/[email protected]/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/

pkg.go.dev/vuln/GO-2023-1989

security.netapp.com/advisory/ntap-20230831-0009/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.6%

Related for VERACODE:42031

redhatcve1 osv5 prion1 nvd1 cvelist1 gitlab1 cve1 ubuntucve1 debiancve1 github1 nessus3 openvas3 fedora3 redos1