CVE-2022-36078

{"id": "CVE-2022-36078", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-09-02T13:15:08.930", "references": [{"url": "https://github.com/gagliardetto/binary/pull/7", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gagliardetto/binary/releases/tag/v0.7.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gagliardetto/binary/security/advisories/GHSA-4p6f-m4f9-ch88", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gagliardetto/binary/pull/7", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/gagliardetto/binary/releases/tag/v0.7.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/gagliardetto/binary/security/advisories/GHSA-4p6f-m4f9-ch88", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-789"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice."}, {"lang": "es", "value": "Binary proporciona codificaci\u00f3n/decodificaci\u00f3n en Borsh y otros formatos. La vulnerabilidad es un fallo de asignaci\u00f3n de memoria que puede ser explotada para asignar fragmentos en la memoria con un valor de tama\u00f1o (arbitrario) excesivo, que puede agotar la memoria disponible o bloquear todo el programa. Cuando es usada \"github.com/gagliardetto/binary\" para analizar datos no verificados (o de tipo incorrecto) procedentes de fuentes de entrada no confiables (por ejemplo, la cadena de bloques) en trozos, es posible asignar memoria con un tama\u00f1o excesivo. Cuando es usado el m\u00e9todo \"dec.Decode(&val)\" para parsear datos en una estructura que es o contiene trozos de valores, la longitud del trozo es le\u00eddo previamente directamente de los propios datos sin ninguna comprobaci\u00f3n del tama\u00f1o de los mismos, y luego es asignado un trozo. Esto podr\u00eda conllevar a un desbordamiento y una asignaci\u00f3n de memoria con un valor de tama\u00f1o excesivo. Los usuarios deber\u00edan actualizar a versiones \"v0.7.1\" o superiores. Una mitigaci\u00f3n es no confiar en la funci\u00f3n \"dec.Decode(&val)\" para analizar los datos, sino usar un m\u00e9todo personalizado \"UnmarshalWithDecoder()\" que lea y compruebe la longitud de cualquier slice"}], "lastModified": "2024-11-21T07:12:20.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:binary_project:binary:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "A0A6D34C-F9B9-46CE-B80A-4B5C44DE6A71", "versionEndExcluding": "0.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}