GO-2021-0097

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2021-0097

Import Source

https://vuln.go.dev/ID/GO-2021-0097.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2021-0097

Aliases

CVE-2020-29242
CVE-2020-29243
CVE-2020-29244
CVE-2020-29245
GHSA-27mh-3343-6hg5
GHSA-9wm7-rc47-g56m
GHSA-9xm8-8qvc-vw3p
GHSA-wg79-2cgp-qrjm

Published

2021-04-14T20:04:52Z

Modified

2024-05-20T16:03:47Z

Summary

Panic due to out-of-bounds read in github.com/dhowden/tag

Details

Due to improper bounds checking, a number of methods can trigger a panic due to attempted out-of-bounds reads. If the package is used to parse user supplied input, this may be used as a vector for a denial of service attack.

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2021-0097",
    "review_status": "REVIEWED"
}

References

Credits

- @Jayl1n

Affected packages

Go / github.com/dhowden/tag

Package

Name: github.com/dhowden/tag; View open source insights on deps.dev
Purl: pkg:golang/github.com/dhowden/tag

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.0-20201120070457-d52dcb253c63

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "ReadAtoms",
                "ReadDSFTags",
                "ReadFrom",
                "ReadID3v2Tags",
                "metadataMP4.readAtomData",
                "readAPICFrame",
                "readPICFrame",
                "readTextWithDescrFrame"
            ],
            "path": "github.com/dhowden/tag"
        }
    ]
}