data/reports: add summaries for x/ repo vulns

For golang/go#56443

Change-Id: I2b007a983da699bdac46408c0cd5ad6506e5ddb2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/493918
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>
Reviewed-by: Tim King <[email protected]>
Run-TryBot: Tatiana Bradley <[email protected]>

Author: tatianab

data/reports/GO-2020-0012.yaml

@@ -28,7 +28,8 @@ modules:
           - ParsePublicKey
           - ParseRawPrivateKey
           - ParseRawPrivateKeyWithPassphrase
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: |
+    Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh
 description: |
     An attacker can craft an ssh-ed25519 or [email protected] public
     key, such that the library will panic when trying to verify a signature

data/reports/GO-2020-0013.yaml

@@ -9,7 +9,7 @@ modules:
           - NewClientConn
         derived_symbols:
           - Dial
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Man-in-the-middle attack in golang.org/x/crypto/ssh
 description: |
     By default host key verification is disabled which allows for
     man-in-the-middle attacks against SSH clients if

data/reports/GO-2020-0014.yaml

@@ -11,7 +11,7 @@ modules:
         derived_symbols:
           - Parse
           - ParseFragment
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Infinite loop in golang.org/x/net/html
 description: |
     html.Parse does not properly handle "select" tags, which can lead
     to an infinite loop. If parsing user supplied input, this may be used

data/reports/GO-2020-0015.yaml

@@ -12,7 +12,7 @@ modules:
       - package: golang.org/x/text/transform
         symbols:
           - String
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Infinite loop in golang.org/x/text
 description: |
     An attacker could provide a single byte to a UTF16 decoder instantiated with
     UseBOM or ExpectBOM to trigger an infinite loop if the String function on

data/reports/GO-2021-0078.yaml

@@ -11,7 +11,7 @@ modules:
         derived_symbols:
           - Parse
           - ParseFragment
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Panic in golang.org/x/net/html
 description: |
     The HTML parser does not properly handle "in frameset" insertion mode, and can be made
     to panic when operating on malformed HTML that contains <template> tags. If operating

data/reports/GO-2021-0113.yaml

@@ -11,7 +11,7 @@ modules:
           - MatchStrings
           - MustParse
           - ParseAcceptLanguage
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Out-of-bounds read in golang.org/x/text/language
 description: |
     Due to improper index calculation, an incorrectly formatted language tag can cause Parse
     to panic via an out of bounds read. If Parse is used to process untrusted user inputs,

data/reports/GO-2021-0227.yaml

@@ -9,7 +9,7 @@ modules:
           - connection.serverAuthenticate
         derived_symbols:
           - NewServerConn
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Panic in golang.org/x/crypto/ssh
 description: |
     Clients can cause a panic in SSH servers. An attacker can craft
     an authentication request message for the “gssapi-with-mic” method

data/reports/GO-2021-0238.yaml

@@ -12,7 +12,7 @@ modules:
           - ParseFragment
           - ParseFragmentWithOptions
           - ParseWithOptions
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Infinite loop in golang.org/x/net/html
 description: |
     An attacker can craft an input to ParseFragment that causes it
     to enter an infinite loop and never return.

data/reports/GO-2021-0356.yaml

@@ -7,7 +7,7 @@ modules:
       - package: golang.org/x/crypto/ssh
         symbols:
           - ServerConfig.AddHostKey
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Denial of service in golang.org/x/crypto/ssh
 description: |
     Attackers can cause a crash in SSH servers when the server has been
     configured by passing a Signer to ServerConfig.AddHostKey such that

data/reports/GO-2022-0192.yaml

@@ -10,7 +10,7 @@ modules:
         derived_symbols:
           - Parse
           - ParseFragment
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Improper input validation in golang.org/x/net/html
 description: |
     The Parse function can panic on some invalid inputs.
 

data/reports/GO-2022-0193.yaml

@@ -10,7 +10,7 @@ modules:
         derived_symbols:
           - Parse
           - ParseFragment
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Improper input validation in golang.org/x/net/html
 description: |
     The Parse function can panic on some invalid inputs.
 

data/reports/GO-2022-0197.yaml

@@ -10,7 +10,7 @@ modules:
         derived_symbols:
           - Parse
           - ParseFragment
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Panic in golang.org/x/net/html
 description: |
     The Parse function can panic on some invalid inputs.
 

data/reports/GO-2022-0209.yaml

@@ -9,7 +9,7 @@ modules:
           - amd64
         symbols:
           - XORKeyStream
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Insufficiently random values in golang.org/x/crypto/salsa20
 description: |
     XORKeyStream generates incorrect and insecure output for very
     large inputs.

data/reports/GO-2022-0213.yaml

@@ -10,7 +10,7 @@ modules:
         symbols:
           - Verify
         skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Panic in crypto/dsa
 description: |
     Invalid DSA public keys can cause a panic in dsa.Verify. In particular,
     using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a

data/reports/GO-2022-0229.yaml

@@ -13,7 +13,7 @@ modules:
     vulnerable_at: 0.0.0-20200115085410-6d4e4cb37c7d
     packages:
       - package: golang.org/x/crypto/cryptobyte
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Panic in crypto/x509 and golang.org/x/crypto/cryptobyte
 description: |
     On 32-bit architectures, a malformed input to crypto/x509 or
     the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte

data/reports/GO-2022-0236.yaml

@@ -22,7 +22,7 @@ modules:
           - headerValueContainsToken
         derived_symbols:
           - HeaderValuesContainsToken
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Panic in net/http and golang.org/x/net/http/httpguts
 description: |
     A malicious HTTP server or client can cause the net/http client
     or server to panic.

data/reports/GO-2022-0288.yaml

@@ -19,7 +19,7 @@ modules:
           - serverConn.canonicalHeader
         derived_symbols:
           - Server.ServeConn
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Unbounded memory growth in net/http and golang.org/x/net/http2
 description: |
     An attacker can cause unbounded memory growth in servers accepting
     HTTP/2 requests.

data/reports/GO-2022-0493.yaml

@@ -19,7 +19,7 @@ modules:
           - Faccessat
         derived_symbols:
           - Access
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Incorrect privilege reporting in syscall and golang.org/x/sys/unix
 description: |
     When called with a non-zero flags parameter, the Faccessat function
     can incorrectly report that a file is accessible.

data/reports/GO-2022-0536.yaml

@@ -22,7 +22,7 @@ modules:
           - serverConn.serve
           - serverConn.writeFrame
           - serverConn.scheduleFrameWrite
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Reset flood in net/http and golang.org/x/net/http
 description: |
     Some HTTP/2 implementations are vulnerable to a reset flood, potentially
     leading to a denial of service.

data/reports/GO-2022-0968.yaml

@@ -12,7 +12,7 @@ modules:
           - Dial
           - NewClientConn
           - NewServerConn
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Panic in golang.org/x/crypto/ssh
 description: |
     Unauthenticated clients can cause a panic in SSH servers.
 

data/reports/GO-2022-0969.yaml

@@ -29,7 +29,7 @@ modules:
           - serverConn.goAway
         derived_symbols:
           - Server.ServeConn
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Denial of service in net/http and golang.org/x/net/http2
 description: |
     HTTP/2 server connections can hang forever waiting for a clean shutdown
     that was preempted by a fatal error. This condition can be exploited

data/reports/GO-2022-1059.yaml

@@ -9,7 +9,7 @@ modules:
           - ParseAcceptLanguage
         derived_symbols:
           - MatchStrings
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Denial of service in golang.org/x/text/language
 description: |
     An attacker may cause a denial of service by crafting an Accept-Language
     header which ParseAcceptLanguage will take significant time to parse.

data/reports/GO-2022-1144.yaml

@@ -29,7 +29,7 @@ modules:
           - serverConn.canonicalHeader
         derived_symbols:
           - Server.ServeConn
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Excessive memory growth in net/http and golang.org/x/net/http2
 description: |
     An attacker can cause excessive memory growth in a Go server accepting
     HTTP/2 requests.

data/reports/GO-2023-1495.yaml

@@ -9,7 +9,7 @@ modules:
         symbols:
           - h2cHandler.ServeHTTP
           - h2cUpgrade
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Request smuggling in golang.org/x/net/http2/h2c
 description: |
     A request smuggling attack is possible when using MaxBytesHandler.
 

data/reports/GO-2023-1571.yaml

@@ -112,7 +112,7 @@ modules:
         derived_symbols:
           - Decoder.DecodeFull
           - Decoder.Write
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Denial of service in net/http and golang.org/x/net/http2
 description: |
     A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
     in the HPACK decoder, sufficient to cause a denial of service from a small

data/reports/GO-2023-1572.yaml

@@ -11,7 +11,7 @@ modules:
           - Decode
         derived_symbols:
           - DecodeConfig
-summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
+summary: Denial of service in golang.org/x/image/tiff
 description: |
     An attacker can craft a malformed TIFF image which will consume a
     significant amount of memory when passed to DecodeConfig. This could