Merge pull request #46 from AikidoSec/intel-new-vul-bufferoverflow-wire

New Vuln: Buffer Overflow in Wire (swift)
AikidoSec · Jan 7, 2025 · a1c65f9 · a1c65f9
2 parents 434b87b + 9b8321d
commit a1c65f9
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/vulnerabilities/AIKIDO-2025-10008.json b/vulnerabilities/AIKIDO-2025-10008.json
@@ -0,0 +1,26 @@
+{
+  "package_name": "wire",
+  "patch_versions": [
+    "5.2.0"
+  ],
+  "vulnerable_ranges": [
+    [
+      "3.3.0",
+      "5.1.1"
+    ]
+  ],
+  "cwe": [
+    "CWE-122"
+  ],
+  "tldr": "Affected versions of this package are affected by insufficient bounds checking during serialization or deserialization processes that can lead to a buffer overflow vulnerability when a data type exceeds five layers of nesting. An attacker could exploit this issue to crash the application or cause memory corruption.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `wire` library to the patch version.",
+  "vulnerable_to": "Buffer Overflow",
+  "related_cve_id": "",
+  "language": "swift",
+  "severity_class": "HIGH",
+  "aikido_score": 88,
+  "changelog": "https://github.com/square/wire/blob/master/CHANGELOG.md",
+  "last_modified": "2025-01-07",
+  "published": "2025-01-07"
+}