CVE-2020-29245: dhowden tag panic due to out-of-bounds read

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.61902%
Published: 5/24/2022
Updated: 9/18/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Package Name: github.com/dhowden/tag
Ecosystem: Go
Vulnerable Versions: < 0.0.0-20201120070457-d52dcb253c63
First Patched Version: 0.0.0-20201120070457-d52dcb253c63

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The key evidence comes from: 1) The patch diff shows the bounds check in readAtomData was increased from 3 to 4 bytes, 2) The test case in GHSA-wg79-2cgp-qrjm demonstrates a panic at this location, 3) The CWE-129 mapping confirms improper array index validation, and 4) The commit message explicitly states 'check bounds in readAtomData'. While other functions (ReadAtoms/ReadFrom) are entry points, readAtomData is the specific function with the flawed bounds check.
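The off-by-one guard described above, as an added illustration written for this page rather than code taken from dhowden/tag: the function names readAtomDataVulnerable, readAtomDataFixed, beUint32 and safeRead are hypothetical, and the 3-byte payload is constructed. A guard of "fewer than 3 bytes" lets a 3-byte slice through to a read of index 3, which the Go runtime rejects with a panic; requiring 4 bytes turns that crash into an ordinary error.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrShort is returned when an atom payload is too short to parse.
var ErrShort = errors.New("atom data too short")

// beUint32 assembles a big-endian 32-bit value from the first four bytes of b.
func beUint32(b []byte) uint32 {
	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])
}

// readAtomDataVulnerable reproduces the flawed pattern: the guard rejects only
// inputs shorter than 3 bytes, but the read needs 4 (hypothetical reconstruction).
func readAtomDataVulnerable(b []byte) (uint32, error) {
	if len(b) < 3 {
		return 0, ErrShort
	}
	return beUint32(b), nil // 3-byte input panics: index out of range [3] with length 3
}

// readAtomDataFixed requires all 4 bytes before indexing (the 3-to-4 change).
func readAtomDataFixed(b []byte) (uint32, error) {
	if len(b) < 4 {
		return 0, ErrShort
	}
	return beUint32(b), nil
}

// safeRead converts a runtime panic in the parser into an error so the crash can be observed.
func safeRead(f func([]byte) (uint32, error), b []byte) (v uint32, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	return f(b)
}

func main() {
	truncated := []byte{0x00, 0x00, 0x01} // constructed 3-byte atom payload
	_, err := safeRead(readAtomDataVulnerable, truncated)
	fmt.Println("vulnerable:", err)
	_, err = safeRead(readAtomDataFixed, truncated)
	fmt.Println("fixed:", err)
}
```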

WAF Protection Rules

WAF Rule

Due to improper bounds checking, a number of methods in dhowden tag before 0.0.0-20201120070457-d52dcb253c63 can trigger a panic via `readAtomData` due to attempted out-of-bounds reads. If the package is used to parse user supplied input, this may be