GO-2022-1155
- Source
- https://pkg.go.dev/vuln/GO-2022-1155
- Import Source
- https://vuln.go.dev/ID/GO-2022-1155.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2022-1155
- Aliases
- Published
- 2022-12-22T17:41:44Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Panic in github.com/ipfs/go-merkledag
- Details
-
A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns.
Additionally, use of the ProtoNode.SetCidBuilder() method to set non-functioning CidBuilder (such as one that refers to a multihash where an implementation of that hash function is not available) may cause the same methods to panic as a new CID is required but cannot be created.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2022-1155", "review_status": "REVIEWED" }- References
- Credits
-
-
- @mrd0ll4r (https://github.com/mrd0ll4r)
-
Affected packages
Go / github.com/ipfs/go-merkledag
Package
- Name
- github.com/ipfs/go-merkledag
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/ipfs/go-merkledag
Ecosystem specific
{
"imports": [
{
"path": "github.com/ipfs/go-merkledag",
"symbols": [
"ProtoNode.AddNodeLink",
"ProtoNode.AddRawLink",
"ProtoNode.AsBool",
"ProtoNode.AsBytes",
"ProtoNode.AsFloat",
"ProtoNode.AsInt",
"ProtoNode.AsLink",
"ProtoNode.AsString",
"ProtoNode.Cid",
"ProtoNode.EncodeProtobuf",
"ProtoNode.IsAbsent",
"ProtoNode.IsNull",
"ProtoNode.Kind",
"ProtoNode.Length",
"ProtoNode.ListIterator",
"ProtoNode.Loggable",
"ProtoNode.LookupByIndex",
"ProtoNode.LookupByNode",
"ProtoNode.LookupBySegment",
"ProtoNode.LookupByString",
"ProtoNode.MapIterator",
"ProtoNode.Marshal",
"ProtoNode.Multihash",
"ProtoNode.RawData",
"ProtoNode.SetCidBuilder",
"ProtoNode.SetLinks",
"ProtoNode.Size",
"ProtoNode.Stat",
"ProtoNode.String",
"ProtoNode.UnmarshalJSON",
"ProtoNode.UpdateNodeLink",
"ProtoNode.marshalImmutable"
]
}
]
}