CVE-2022-258427.12.2022, 22:15The dag-pb codec can panic when decoding invalid blocks.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.5 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HGoCNA------CVEADP------CISA-ADPADP7.5 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HBase ScoreCVSS 3.xEPSS ScorePercentile: 40%VendorProductVersionprotocolgo-codec-dagpb𝑥< 1.3.1𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Referenceshttps://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57https://pkg.go.dev/vuln/GO-2022-0422https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57https://pkg.go.dev/vuln/GO-2022-0422