Описание
IPFS go-bitfield vulnerable to DoS via malformed size arguments
Impact
When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics.
This happen when the size is a not a multiple of 8 or is negative.
There were already a note in the NewBitfield documentation:
Panics if size is not a multiple of 8.
But it incomplete and missing from FromBytes's documentation.
This has been replaced by returning an (Bitfield, error) and returning a non nil error if the size is wrong.
Patches
Workarounds
- Ensure
size%8 == 0 && size >= 0yourself before callingNewBitfieldorFromBytes
References
Пакеты
github.com/ipfs/go-bitfield
< 1.1.0
1.1.0
Связанные уязвимости
go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happen when the `size` is a not a multiple of `8` or is negative. There were already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`.