When importing an OCI image, there was no limit on the number of bytes read from the io.Reader passed into ImportIndex. A large number of bytes could be read from this and could cause a denial of service.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-1573" }