Due to improper bounds checking, a number of methods in dhowden tag before 0.0.0-20201120070457-d52dcb253c63 can trigger a panic via readAtomData
due to attempted out-of-bounds reads. If the package is used to parse user supplied input, this may be used as a vector for a denial of service attack.
{ "nvd_published_at": "2020-12-28T08:15:00Z", "cwe_ids": [ "CWE-129" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-02-08T00:21:12Z" }