Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service when feeding malformed size arguments in go-bitfield
Vulnerability Description
go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happen when the `size` is a not a multiple of `8` or is negative. There were already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对因果或异常条件的不恰当检查
Vulnerability Title
go-bitfield 代码问题漏洞
Vulnerability Description
go-bitfield是IPFS开源的一个简单的位字段包。 go-bitfield v1.1.0之前版本存在代码问题漏洞,该漏洞源于当将不受信任的用户输入到NewBitfield和FromBytes函数的参数时,攻击者可以触发恐慌。
CVSS Information
N/A
Vulnerability Type
N/A