漏洞标题
服务拒绝 HAMT 编码 Go-unixfs
漏洞描述信息
在go-unixfs中的HAMT解码中存在拒绝服务问题
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Denial of service in HAMT Decoding in go-unixfs
漏洞描述信息
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
未加控制的资源消耗(资源穷尽)
漏洞标题
go-unixfs 资源管理错误漏洞
漏洞描述信息
go-unixfs是在 ipld merkledag 之上实现类 unix 文件系统实用程序。 go-unixfs 0.4.3之前版本存在资源管理错误漏洞,该漏洞源于尝试读取格式错误的HAMT分片目录时可能会导致恐慌和虚拟内存泄漏。
CVSS信息
N/A
漏洞类别
资源管理错误