CVE-2022-36078

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/gagliardetto/binary/pull/7	Issue Tracking Patch Third Party Advisory
https://github.com/gagliardetto/binary/releases/tag/v0.7.1	Release Notes Third Party Advisory
https://github.com/gagliardetto/binary/security/advisories/GHSA-4p6f-m4f9-ch88	Exploit Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:binary_project:binary:*:*:*:*:*:go:*:*

History

21 Jul 2023, 19:21

Type	Values Removed	Values Added
CWE	~~CWE-400~~	CWE-1284

Information

Published : 2022-09-02 13:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-36078

Mitre link : CVE-2022-36078

CVE.ORG link : CVE-2022-36078

JSON object : View

Products Affected

binary_project

binary

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

CWE-789

Memory Allocation with Excessive Size Value

{"id": "CVE-2022-36078", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-09-02T13:15:08.930", "references": [{"url": "https://github.com/gagliardetto/binary/pull/7", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gagliardetto/binary/releases/tag/v0.7.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gagliardetto/binary/security/advisories/GHSA-4p6f-m4f9-ch88", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1284"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-789"}]}], "descriptions": [{"lang": "en", "value": "Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice."}, {"lang": "es", "value": "Binary proporciona codificaci\u00f3n/decodificaci\u00f3n en Borsh y otros formatos. La vulnerabilidad es un fallo de asignaci\u00f3n de memoria que puede ser explotada para asignar fragmentos en la memoria con un valor de tama\u00f1o (arbitrario) excesivo, que puede agotar la memoria disponible o bloquear todo el programa. Cuando es usada \"github.com/gagliardetto/binary\" para analizar datos no verificados (o de tipo incorrecto) procedentes de fuentes de entrada no confiables (por ejemplo, la cadena de bloques) en trozos, es posible asignar memoria con un tama\u00f1o excesivo. Cuando es usado el m\u00e9todo \"dec.Decode(&val)\" para parsear datos en una estructura que es o contiene trozos de valores, la longitud del trozo es le\u00eddo previamente directamente de los propios datos sin ninguna comprobaci\u00f3n del tama\u00f1o de los mismos, y luego es asignado un trozo. Esto podr\u00eda conllevar a un desbordamiento y una asignaci\u00f3n de memoria con un valor de tama\u00f1o excesivo. Los usuarios deber\u00edan actualizar a versiones \"v0.7.1\" o superiores. Una mitigaci\u00f3n es no confiar en la funci\u00f3n \"dec.Decode(&val)\" para analizar los datos, sino usar un m\u00e9todo personalizado \"UnmarshalWithDecoder()\" que lea y compruebe la longitud de cualquier slice"}], "lastModified": "2023-07-21T19:21:45.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:binary_project:binary:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "A0A6D34C-F9B9-46CE-B80A-4B5C44DE6A71", "versionEndExcluding": "0.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}