GO-2021-0101

Source
https://pkg.go.dev/vuln/GO-2021-0101
Import Source
https://vuln.go.dev/ID/GO-2021-0101.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2021-0101
Aliases
Published
2021-07-28T18:08:05Z
Modified
2024-05-20T16:03:47Z
Summary
Panic due to out-of-bounds read in github.com/apache/thrift
Details

Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If this package is used to parse untrusted input, this may be used as a vector for a denial of service attack.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2021-0101"
}
References

Affected packages

Go / github.com/apache/thrift

Package

Name
github.com/apache/thrift
View open source insights on deps.dev
Purl
pkg:golang/github.com/apache/thrift

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-20151001171628-53dd39833a08
Fixed
0.13.0

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/apache/thrift/lib/go/thrift",
            "symbols": [
                "Skip",
                "SkipDefaultDepth",
                "TBinaryProtocol.Skip",
                "TCompactProtocol.Skip",
                "TJSONProtocol.ParseElemListBegin",
                "TJSONProtocol.ReadBool",
                "TJSONProtocol.ReadByte",
                "TJSONProtocol.ReadDouble",
                "TJSONProtocol.ReadFieldBegin",
                "TJSONProtocol.ReadFieldEnd",
                "TJSONProtocol.ReadI16",
                "TJSONProtocol.ReadI32",
                "TJSONProtocol.ReadI64",
                "TJSONProtocol.ReadListBegin",
                "TJSONProtocol.ReadListEnd",
                "TJSONProtocol.ReadMapBegin",
                "TJSONProtocol.ReadMapEnd",
                "TJSONProtocol.ReadMessageBegin",
                "TJSONProtocol.ReadMessageEnd",
                "TJSONProtocol.ReadSetBegin",
                "TJSONProtocol.ReadSetEnd",
                "TJSONProtocol.ReadStructBegin",
                "TJSONProtocol.ReadStructEnd",
                "TJSONProtocol.Skip",
                "TSimpleJSONProtocol.ParseElemListBegin",
                "TSimpleJSONProtocol.ParseF64",
                "TSimpleJSONProtocol.ParseI64",
                "TSimpleJSONProtocol.ParseListBegin",
                "TSimpleJSONProtocol.ParseListEnd",
                "TSimpleJSONProtocol.ParseObjectEnd",
                "TSimpleJSONProtocol.ParseObjectStart",
                "TSimpleJSONProtocol.ReadByte",
                "TSimpleJSONProtocol.ReadDouble",
                "TSimpleJSONProtocol.ReadI16",
                "TSimpleJSONProtocol.ReadI32",
                "TSimpleJSONProtocol.ReadI64",
                "TSimpleJSONProtocol.ReadListBegin",
                "TSimpleJSONProtocol.ReadListEnd",
                "TSimpleJSONProtocol.ReadMapBegin",
                "TSimpleJSONProtocol.ReadMapEnd",
                "TSimpleJSONProtocol.ReadMessageBegin",
                "TSimpleJSONProtocol.ReadMessageEnd",
                "TSimpleJSONProtocol.ReadSetBegin",
                "TSimpleJSONProtocol.ReadSetEnd",
                "TSimpleJSONProtocol.ReadStructBegin",
                "TSimpleJSONProtocol.ReadStructEnd",
                "TSimpleJSONProtocol.Skip",
                "TSimpleJSONProtocol.safePeekContains",
                "TStandardClient.Call",
                "TStandardClient.Recv",
                "tApplicationException.Read"
            ]
        }
    ]
}