Vulnerability Report: GO-2022-0422
- CVE-2022-2584, GHSA-967g-cjx4-h7j6, and 1 more
- Affects: github.com/ipld/go-codec-dagpb
- Published: Jul 01, 2022
- Modified: May 20, 2024
The dag-pb codec can panic when decoding invalid blocks.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.3.1
Aliases
References
- https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57
- https://vuln.go.dev/ID/GO-2022-0422.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.