From 0622006e992b9a5b5e7b8d97bb421dd7892fffd7 Mon Sep 17 00:00:00 2001
From: Henrique Cabral
Date: Tue, 7 Jan 2025 13:01:50 -0300
Subject: [PATCH 1/2] New Vuln: Buffer Overflow in Wire (swift)
---
 input/new.json | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/input/new.json b/input/new.json
index 87646b9..b9da0e8 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,15 +1,17 @@
 {
- "package_name": "",
- "patch_versions": [],
- "vulnerable_ranges": [],
- "cwe": [],
- "tldr": "",
- "doest_this_affect_me": "",
- "how_to_fix": "",
- "vulnerable_to": "",
+ "package_name": "wire",
+ "patch_versions": ["5.2.0"],
+ "vulnerable_ranges": [
+ ["3.3.0", "5.1.1"]
+ ],
+ "cwe": ["CWE-122"],
+ "tldr": "Affected versions of this package are affected by insufficient bounds checking during serialization or deserialization processes that can lead to a buffer overflow vulnerability when a data type exceeds five layers of nesting. An attacker could exploit this issue to crash the application or cause memory corruption.",
+ "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+ "how_to_fix": "Upgrade the `wire` library to the patch version.",
+ "vulnerable_to": "Buffer Overflow",
 "related_cve_id": "",
- "language": "",
- "severity_class": "",
- "aikido_score": 0,
- "changelog": ""
+ "language": "swift",
+ "severity_class": "HIGH",
+ "aikido_score": 88,
+ "changelog": "https://github.com/square/wire/blob/master/CHANGELOG.md"
 }
From 9b8321d8b181a34178493dfed6596972e2cc3ff3 Mon Sep 17 00:00:00 2001
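Review bot: The added `how_to_fix` line tells the reader to upgrade "to the patch version" without naming it, even though `patch_versions` two lines above pins it to 5.2.0; making the advice self-contained (`… to version 5.2.0 or later.`) removes the need to cross-reference another field. The added `tldr` opens with "Affected versions of this package are affected by …", a doubled phrase; "Affected versions of this package are subject to insufficient bounds checking …" keeps the meaning. `related_cve_id` is left as `""` on the new side; if no CVE has been assigned that is acceptable, but the template's empty-string convention does not let a consumer distinguish "none assigned" from "not yet filled in", so it is worth confirming before publication. The `changelog` link points at the `master` branch rather than a tagged release, so it will drift away from the 5.2.0 fix over time; a release-tag URL would keep it stable. The same strings are carried verbatim into vulnerabilities/AIKIDO-2025-10008.json by the second patch, so any wording change needs to land there as well.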
From: "github-actions[bot]"
Date: Tue, 7 Jan 2025 16:11:12 +0000
Subject: [PATCH 2/2] Move new vulnerability to vulnerabilities/AIKIDO-2025-10008.json and reset new.json template
---
 input/new.json | 26 ++++++++++++--------------
 vulnerabilities/AIKIDO-2025-10008.json | 26 ++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 14 deletions(-)
 create mode 100644 vulnerabilities/AIKIDO-2025-10008.json
diff --git a/input/new.json b/input/new.json
index b9da0e8..87646b9 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,17 +1,15 @@
 {
- "package_name": "wire",
- "patch_versions": ["5.2.0"],
- "vulnerable_ranges": [
- ["3.3.0", "5.1.1"]
- ],
- "cwe": ["CWE-122"],
- "tldr": "Affected versions of this package are affected by insufficient bounds checking during serialization or deserialization processes that can lead to a buffer overflow vulnerability when a data type exceeds five layers of nesting. An attacker could exploit this issue to crash the application or cause memory corruption.",
- "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
- "how_to_fix": "Upgrade the `wire` library to the patch version.",
- "vulnerable_to": "Buffer Overflow",
+ "package_name": "",
+ "patch_versions": [],
+ "vulnerable_ranges": [],
+ "cwe": [],
+ "tldr": "",
+ "doest_this_affect_me": "",
+ "how_to_fix": "",
+ "vulnerable_to": "",
 "related_cve_id": "",
- "language": "swift",
- "severity_class": "HIGH",
- "aikido_score": 88,
- "changelog": "https://github.com/square/wire/blob/master/CHANGELOG.md"
+ "language": "",
+ "severity_class": "",
+ "aikido_score": 0,
+ "changelog": ""
 }
diff --git a/vulnerabilities/AIKIDO-2025-10008.json b/vulnerabilities/AIKIDO-2025-10008.json
new file mode 100644
index 0000000..b91c458
--- /dev/null
+++ b/vulnerabilities/AIKIDO-2025-10008.json
@@ -0,0 +1,26 @@
+{
+ "package_name": "wire",
+ "patch_versions": [
+ "5.2.0"
+ ],
+ "vulnerable_ranges": [
+ [
+ "3.3.0",
+ "5.1.1"
+ ]
+ ],
+ "cwe": [
+ "CWE-122"
+ ],
+ "tldr": "Affected versions of this package are affected by insufficient bounds checking during serialization or deserialization processes that can lead to a buffer overflow vulnerability when a data type exceeds five layers of nesting. An attacker could exploit this issue to crash the application or cause memory corruption.",
+ "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+ "how_to_fix": "Upgrade the `wire` library to the patch version.",
+ "vulnerable_to": "Buffer Overflow",
+ "related_cve_id": "",
+ "language": "swift",
+ "severity_class": "HIGH",
+ "aikido_score": 88,
+ "changelog": "https://github.com/square/wire/blob/master/CHANGELOG.md",
+ "last_modified": "2025-01-07",
+ "published": "2025-01-07"
+}