From eee3f2155022ee88db6f98e797a1adcec812eb66 Mon Sep 17 00:00:00 2001
From: Tatiana Bradley
Date: Fri, 21 Oct 2022 16:53:35 -0400
Subject: [PATCH] data/reports: add aliases and vulnerable_at for GO-2020-0005.yaml

For golang/vulndb#005

Change-Id: I2d5ac25521088fc330c09a1881d30b349f962eef
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/444759
Reviewed-by: Tatiana Bradley
Reviewed-by: Damien Neil
Auto-Submit: Tatiana Bradley
TryBot-Result: Gopher Robot
Run-TryBot: Tatiana Bradley
---
 data/osv/GO-2020-0005.json | 6 +++++-
 data/reports/GO-2020-0005.yaml | 7 +++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/data/osv/GO-2020-0005.json b/data/osv/GO-2020-0005.json
index 153c45f9..5aafc20a 100644
--- a/data/osv/GO-2020-0005.json
+++ b/data/osv/GO-2020-0005.json
@@ -4,7 +4,8 @@
 "modified": "0001-01-01T00:00:00Z",
 "aliases": [
 "CVE-2020-15106",
- "CVE-2020-15112"
+ "CVE-2020-15112",
+ "GHSA-m332-53r6-2w93"
 ],
 "details": "Malformed WALs can be constructed such that WAL.ReadAll can cause attempted\nout of bounds reads, or creation of arbitrarily sized slices, which may be used as\na DoS vector.\n",
 "affected": [
@@ -34,6 +35,9 @@
 {
 "path": "go.etcd.io/etcd/wal",
 "symbols": [
+ "Create",
+ "Repair",
+ "Verify",
 "WAL.ReadAll",
 "decoder.decodeRecord"
 ]
diff --git a/data/reports/GO-2020-0005.yaml b/data/reports/GO-2020-0005.yaml
index 982342d8..81e6f8bc 100644
--- a/data/reports/GO-2020-0005.yaml
+++ b/data/reports/GO-2020-0005.yaml
@@ -2,11 +2,16 @@ modules:
 - module: go.etcd.io/etcd
 versions:
 - fixed: 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
+ vulnerable_at: 0.5.0-alpha.5.0.20200422225029-2369cb367873
 packages:
 - package: go.etcd.io/etcd/wal
 symbols:
 - WAL.ReadAll
 - decoder.decodeRecord
+ derived_symbols:
+ - Create
+ - Repair
+ - Verify
 description: |
 Malformed WALs can be constructed such that WAL.ReadAll can cause attempted
 out of bounds reads, or creation of arbitrarily sized slices, which may be used as
@@ -15,6 +20,8 @@ published: 2021-04-14T20:04:52Z
 cves:
 - CVE-2020-15106
 - CVE-2020-15112
+ghsas:
+ - GHSA-m332-53r6-2w93
 credit: Trail of Bits
 references:
 - fix: https://github.com/etcd-io/etcd/pull/11793
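Review bot: The new `ghsas:` list carries a single advisory while `cves:` directly above it lists two CVEs, so one of the two CVE aliases may be left without its GHSA counterpart in this report. If CVE-2020-15106 and CVE-2020-15112 were published as separate GitHub advisories, the missing ID belongs as a second entry under `ghsas:`, with the `aliases` array in `data/osv/GO-2020-0005.json` regenerated to match. Otherwise a scanner that deduplicates findings by alias would presumably report the unlisted advisory as a separate vulnerability next to this one. The CVE-to-GHSA mapping is not visible on this page, so it is worth checking against the advisory database.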