GHSA-4cxw-hq44-r344

Source

https://github.com/advisories/GHSA-4cxw-hq44-r344

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-4cxw-hq44-r344/GHSA-4cxw-hq44-r344.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4cxw-hq44-r344

Aliases

Published

2022-02-24T00:00:52Z

Modified

2024-08-21T15:27:03.016510Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

Off-by-one Error in v2fly/v2ray-core

Details

v2fly/v2ray-core prior to 4.44.0 is vulnerable to an off-by-one error. Indexing operations on arrays, slices, or strings should use an index at most one less than the length. If the index is checked for being less than or equal to the length (<=), instead of less than the length (<), the index could be out of bounds.

Database specific

{
    "nvd_published_at": "2022-02-23T20:15:00Z",
    "github_reviewed_at": "2022-02-24T20:44:31Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-193"
    ]
}

References

Affected packages

Go / github.com/v2fly/v2ray-core/v4

Package

Name: github.com/v2fly/v2ray-core/v4; View open source insights on deps.dev
Purl: pkg:golang/github.com/v2fly/v2ray-core/v4

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.44.0

Go / github.com/v2fly/v2ray-core

Package

Name: github.com/v2fly/v2ray-core; View open source insights on deps.dev
Purl: pkg:golang/github.com/v2fly/v2ray-core

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

{
    "last_known_affected_version_range": "< 4.44.0"
}