CVE-2020-29243: dhowden tag panic due to out-of-bounds read
6.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.61902%
CWE
Published
5/24/2022
Updated
5/20/2024
KEV Status
No
Technology
Go
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
github.com/dhowden/tag | go | < 0.0.0-20201120070457-d52dcb253c63 | 0.0.0-20201120070457-d52dcb253c63 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
- Commit a922134 explicitly fixes readAPICFrame by adding buffer length checks and mimeDataSplit validation.
- Commit 6b18201 adds a length guard to readPICFrame.
- Commit 4b595ed corrects readAtomData's bounds check from 3 to 4 bytes.
- Issue #80 and CVE description directly reference panics in these frame-parsing functions when processing malformed input. The patches address the root cause (CWE-129) through added bounds checks.