Commit 00566bd

data/reports: add summaries for x/ repo vulns
For golang/go#56443

Change-Id: I2b007a983da699bdac46408c0cd5ad6506e5ddb2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/493918
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>
Reviewed-by: Tim King <[email protected]>
Run-TryBot: Tatiana Bradley <[email protected]>
1 parent 69f5b83 commit 00566bd

26 files changed, +27 -26 lines changed

data/reports/GO-2020-0012.yaml

Lines changed: 2 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -28,7 +28,8 @@ modules:
2828
- ParsePublicKey
2929
- ParseRawPrivateKey
3030
- ParseRawPrivateKeyWithPassphrase
31-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
31+
summary: |
32+
Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh
3233
description: |
3334
An attacker can craft an ssh-ed25519 or [email protected] public
3435
key, such that the library will panic when trying to verify a signature
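
Review bot: The new `summary: |` at new lines 31-32 uses a block scalar for a single line, which leaves a trailing newline in the value and differs from the plain one-line `summary:` form used by the other reports in this commit. Suggest a plain scalar with a shorter wording that leads with the effect, for example `summary: Panic during signature verification in golang.org/x/crypto/ssh`.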

data/reports/GO-2020-0013.yaml

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ modules:
99
- NewClientConn
1010
derived_symbols:
1111
- Dial
12-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
12+
summary: Man-in-the-middle attack in golang.org/x/crypto/ssh
1313
description: |
1414
By default host key verification is disabled which allows for
1515
man-in-the-middle attacks against SSH clients if
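
Review bot: The summary at new line 12 names the attack rather than the defect; the description directly below says host key verification is disabled by default, and that is what a reader scanning the list needs to see. Suggest something like `summary: Host key verification disabled by default in golang.org/x/crypto/ssh`.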

data/reports/GO-2020-0014.yaml

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ modules:
1111
derived_symbols:
1212
- Parse
1313
- ParseFragment
14-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
14+
summary: Infinite loop in golang.org/x/net/html
1515
description: |
1616
html.Parse does not properly handle "select" tags, which can lead
1717
to an infinite loop. If parsing user supplied input, this may be used

data/reports/GO-2020-0015.yaml

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@ modules:
1212
- package: golang.org/x/text/transform
1313
symbols:
1414
- String
15-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
15+
summary: Infinite loop in golang.org/x/text
1616
description: |
1717
An attacker could provide a single byte to a UTF16 decoder instantiated with
1818
UseBOM or ExpectBOM to trigger an infinite loop if the String function on

data/reports/GO-2021-0078.yaml

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ modules:
1111
derived_symbols:
1212
- Parse
1313
- ParseFragment
14-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
14+
summary: Panic in golang.org/x/net/html
1515
description: |
1616
The HTML parser does not properly handle "in frameset" insertion mode, and can be made
1717
to panic when operating on malformed HTML that contains <template> tags. If operating

data/reports/GO-2021-0113.yaml

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ modules:
1111
- MatchStrings
1212
- MustParse
1313
- ParseAcceptLanguage
14-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
14+
summary: Out-of-bounds read in golang.org/x/text/language
1515
description: |
1616
Due to improper index calculation, an incorrectly formatted language tag can cause Parse
1717
to panic via an out of bounds read. If Parse is used to process untrusted user inputs,

data/reports/GO-2021-0227.yaml

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ modules:
99
- connection.serverAuthenticate
1010
derived_symbols:
1111
- NewServerConn
12-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
12+
summary: Panic in golang.org/x/crypto/ssh
1313
description: |
1414
Clients can cause a panic in SSH servers. An attacker can craft
1515
an authentication request message for the “gssapi-with-mic” method

data/reports/GO-2021-0238.yaml

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@ modules:
1212
- ParseFragment
1313
- ParseFragmentWithOptions
1414
- ParseWithOptions
15-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
15+
summary: Infinite loop in golang.org/x/net/html
1616
description: |
1717
An attacker can craft an input to ParseFragment that causes it
1818
to enter an infinite loop and never return.

data/reports/GO-2021-0356.yaml

Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@ modules:
77
- package: golang.org/x/crypto/ssh
88
symbols:
99
- ServerConfig.AddHostKey
10-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
10+
summary: Denial of service in golang.org/x/crypto/ssh
1111
description: |
1212
Attackers can cause a crash in SSH servers when the server has been
1313
configured by passing a Signer to ServerConfig.AddHostKey such that

data/reports/GO-2022-0192.yaml

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ modules:
1010
derived_symbols:
1111
- Parse
1212
- ParseFragment
13-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
13+
summary: Improper input validation in golang.org/x/net/html
1414
description: |
1515
The Parse function can panic on some invalid inputs.
1616
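
Review bot: The summary at new line 13 says "Improper input validation", but the description two lines down states the observable effect: Parse can panic. GO-2022-0197 in this same commit has the identical description and is summarized as "Panic in golang.org/x/net/html"; use the same wording here so the summaries stay consistent.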

data/reports/GO-2022-0193.yaml

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ modules:
1010
derived_symbols:
1111
- Parse
1212
- ParseFragment
13-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
13+
summary: Improper input validation in golang.org/x/net/html
1414
description: |
1515
The Parse function can panic on some invalid inputs.
1616
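
Review bot: The summary at new line 13 is word for word the same as the one added to GO-2022-0192, and the visible description is identical too, so the two reports cannot be told apart in a listing. Either add the detail that distinguishes this report to the summary, or confirm whether one of the two is a duplicate; in either case "Panic in golang.org/x/net/html" matches the description better than "Improper input validation".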

data/reports/GO-2022-0197.yaml

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ modules:
1010
derived_symbols:
1111
- Parse
1212
- ParseFragment
13-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
13+
summary: Panic in golang.org/x/net/html
1414
description: |
1515
The Parse function can panic on some invalid inputs.
1616

data/reports/GO-2022-0209.yaml

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ modules:
99
- amd64
1010
symbols:
1111
- XORKeyStream
12-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
12+
summary: Insufficiently random values in golang.org/x/crypto/salsa20
1313
description: |
1414
XORKeyStream generates incorrect and insecure output for very
1515
large inputs.
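
Review bot: "Insufficiently random values" at new line 12 does not match the description, which says XORKeyStream generates incorrect and insecure output for very large inputs; nothing in the visible lines concerns randomness. Suggest `summary: Incorrect output for very large inputs in golang.org/x/crypto/salsa20`.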

data/reports/GO-2022-0213.yaml

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ modules:
1010
symbols:
1111
- Verify
1212
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
13-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
13+
summary: Panic in crypto/dsa
1414
description: |
1515
Invalid DSA public keys can cause a panic in dsa.Verify. In particular,
1616
using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a

data/reports/GO-2022-0229.yaml

Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@ modules:
1313
vulnerable_at: 0.0.0-20200115085410-6d4e4cb37c7d
1414
packages:
1515
- package: golang.org/x/crypto/cryptobyte
16-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
16+
summary: Panic in crypto/x509 and golang.org/x/crypto/cryptobyte
1717
description: |
1818
On 32-bit architectures, a malformed input to crypto/x509 or
1919
the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte

data/reports/GO-2022-0236.yaml

Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ modules:
2222
- headerValueContainsToken
2323
derived_symbols:
2424
- HeaderValuesContainsToken
25-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
25+
summary: Panic in net/http and golang.org/x/net/http/httpguts
2626
description: |
2727
A malicious HTTP server or client can cause the net/http client
2828
or server to panic.

data/reports/GO-2022-0288.yaml

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ modules:
1919
- serverConn.canonicalHeader
2020
derived_symbols:
2121
- Server.ServeConn
22-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
22+
summary: Unbounded memory growth in net/http and golang.org/x/net/http2
2323
description: |
2424
An attacker can cause unbounded memory growth in servers accepting
2525
HTTP/2 requests.

data/reports/GO-2022-0493.yaml

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ modules:
1919
- Faccessat
2020
derived_symbols:
2121
- Access
22-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
22+
summary: Incorrect privilege reporting in syscall and golang.org/x/sys/unix
2323
description: |
2424
When called with a non-zero flags parameter, the Faccessat function
2525
can incorrectly report that a file is accessible.

data/reports/GO-2022-0536.yaml

Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ modules:
2222
- serverConn.serve
2323
- serverConn.writeFrame
2424
- serverConn.scheduleFrameWrite
25-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
25+
summary: Reset flood in net/http and golang.org/x/net/http
2626
description: |
2727
Some HTTP/2 implementations are vulnerable to a reset flood, potentially
2828
leading to a denial of service.
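
Review bot: The package path in the summary at new line 25 reads `golang.org/x/net/http`, which looks like a truncation of `golang.org/x/net/http2`: the symbols above are `serverConn.*`, the description is about HTTP/2, and the other HTTP/2 reports in this commit name `golang.org/x/net/http2`. Suggest `summary: Reset flood in net/http and golang.org/x/net/http2`.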

data/reports/GO-2022-0968.yaml

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@ modules:
1212
- Dial
1313
- NewClientConn
1414
- NewServerConn
15-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
15+
summary: Panic in golang.org/x/crypto/ssh
1616
description: |
1717
Unauthenticated clients can cause a panic in SSH servers.
1818

data/reports/GO-2022-0969.yaml

Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ modules:
2929
- serverConn.goAway
3030
derived_symbols:
3131
- Server.ServeConn
32-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
32+
summary: Denial of service in net/http and golang.org/x/net/http2
3333
description: |
3434
HTTP/2 server connections can hang forever waiting for a clean shutdown
3535
that was preempted by a fatal error. This condition can be exploited

data/reports/GO-2022-1059.yaml

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ modules:
99
- ParseAcceptLanguage
1010
derived_symbols:
1111
- MatchStrings
12-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
12+
summary: Denial of service in golang.org/x/text/language
1313
description: |
1414
An attacker may cause a denial of service by crafting an Accept-Language
1515
header which ParseAcceptLanguage will take significant time to parse.

data/reports/GO-2022-1144.yaml

Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ modules:
2929
- serverConn.canonicalHeader
3030
derived_symbols:
3131
- Server.ServeConn
32-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
32+
summary: Excessive memory growth in net/http and golang.org/x/net/http2
3333
description: |
3434
An attacker can cause excessive memory growth in a Go server accepting
3535
HTTP/2 requests.

data/reports/GO-2023-1495.yaml

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ modules:
99
symbols:
1010
- h2cHandler.ServeHTTP
1111
- h2cUpgrade
12-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
12+
summary: Request smuggling in golang.org/x/net/http2/h2c
1313
description: |
1414
A request smuggling attack is possible when using MaxBytesHandler.
1515

data/reports/GO-2023-1571.yaml

Lines changed: 1 addition & 1 deletion
@@ -112,7 +112,7 @@ modules:
112112
derived_symbols:
113113
- Decoder.DecodeFull
114114
- Decoder.Write
115-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
115+
summary: Denial of service in net/http and golang.org/x/net/http2
116116
description: |
117117
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
118118
in the HPACK decoder, sufficient to cause a denial of service from a small
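
Review bot: The summary at new line 115 is identical to the one added to GO-2022-0969, while the description here is specific: excessive CPU consumption in the HPACK decoder. Put that in the summary so the two reports are distinguishable, for example `summary: Excessive CPU consumption by the HPACK decoder in net/http and golang.org/x/net/http2`.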

data/reports/GO-2023-1572.yaml

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ modules:
1111
- Decode
1212
derived_symbols:
1313
- DecodeConfig
14-
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
14+
summary: Denial of service in golang.org/x/image/tiff
1515
description: |
1616
An attacker can craft a malformed TIFF image which will consume a
1717
significant amount of memory when passed to DecodeConfig. This could
