CVSS Score: -

The commit diff shows a critical fix in `unmarshal.go`, where `protowire.ConsumeVarint` was replaced with `protowire.ConsumeBytes` in the Links parsing logic. This indicates improper bounds checking when decoding protobuf fields, matching CWE-119's memory safety pattern. The Go vulnerability report explicitly lists `DecodeBytes` as an affected symbol, and the patch directly modifies this function's decoding logic to prevent buffer overreads.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/ipld/go-codec-dagpb | go | < 1.3.1 | 1.3.1 |
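
The class of bug behind the fix described above, as an added illustration (not go-codec-dagpb code): a decoder reads a length varint and slices by it, with and without checking the remaining input. It uses the standard library's `encoding/binary` instead of `protowire`; the function names and both inputs are constructed for this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed inputs: tag 0x12 (field 2, length-delimited), then a length varint.
var truncated = []byte{0x12, 0x64, 'a', 'b', 'c'}  // declares 100 bytes, carries 3
var wellFormed = []byte{0x12, 0x03, 'a', 'b', 'c'} // declares 3 bytes, carries 3

var errTruncated = errors.New("declared length exceeds remaining input")

// readLen skips the one-byte tag and reads the length varint after it.
func readLen(buf []byte) (uint64, int, error) {
	if len(buf) < 2 {
		return 0, 0, errTruncated
	}
	l, n := binary.Uvarint(buf[1:])
	if n <= 0 {
		return 0, 0, errors.New("malformed length varint")
	}
	return l, 1 + n, nil
}

// uncheckedField trusts the declared length. Slicing past cap(buf) panics;
// slicing past len(buf) but within cap would return bytes beyond the message.
func uncheckedField(buf []byte) (out []byte, err error) {
	defer func() { // convert the panic to an error so the demo keeps running
		if r := recover(); r != nil {
			err = fmt.Errorf("runtime panic: %v", r)
		}
	}()
	l, off, err := readLen(buf)
	if err != nil {
		return nil, err
	}
	return buf[off : off+int(l)], nil
}

// checkedField compares the declared length with what is left before slicing.
func checkedField(buf []byte) ([]byte, error) {
	l, off, err := readLen(buf)
	if err != nil {
		return nil, err
	}
	if l > uint64(len(buf)-off) {
		return nil, errTruncated
	}
	return buf[off : off+int(l)], nil
}

func main() {
	for _, in := range [][]byte{wellFormed, truncated} {
		_, e1 := uncheckedField(in)
		_, e2 := checkedField(in)
		fmt.Printf("unchecked: %v | checked: %v\n", e1, e2)
	}
}
```

`protowire.ConsumeBytes` performs the equivalent length check itself and reports a negative length on truncated input, so callers must test its second return value before using the slice.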