x/vulndb: potential Go vuln in github.com/v2fly/v2ray-core: GHSA-4cxw-hq44-r344 #550

julieqiu · 2022-08-01T18:10:01Z

In GitHub Security Advisory GHSA-4cxw-hq44-r344, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/v2fly/v2ray-core		< 4.44.0

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/v2fly/v2ray-core
    versions:
      - introduced: TODO (earliest fixed "", vuln range "< 4.44.0")
  - package: github.com/v2fly/v2ray-core/v4
    versions:
      - fixed: 4.44.0
description: v2fly/v2ray-core prior to 4.44.0 is vulnerable to an off-by-one error.
    Indexing operations on arrays, slices, or strings should use an index at most
    one less than the length. If the index is checked for being less than or equal
    to the length (`<=`), instead of less than the length (`<`), the index could be
    out of bounds.
published: 2022-02-24T00:00:52Z
last_modified: 2022-03-03T19:17:50Z
cves:
  - CVE-2021-4070
ghsas:
  - GHSA-4cxw-hq44-r344
links:
    context:
      - https://github.com/advisories/GHSA-4cxw-hq44-r344

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-06-14T19:53:16Z

Change https://go.dev/cl/592768 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:35:37Z

Change https://go.dev/cl/607220 mentions this issue: data/reports: unexclude 20 reports (18)

- data/reports/GO-2022-0507.yaml - data/reports/GO-2022-0508.yaml - data/reports/GO-2022-0509.yaml - data/reports/GO-2022-0510.yaml - data/reports/GO-2022-0511.yaml - data/reports/GO-2022-0512.yaml - data/reports/GO-2022-0516.yaml - data/reports/GO-2022-0517.yaml - data/reports/GO-2022-0518.yaml - data/reports/GO-2022-0540.yaml - data/reports/GO-2022-0547.yaml - data/reports/GO-2022-0550.yaml - data/reports/GO-2022-0554.yaml - data/reports/GO-2022-0556.yaml - data/reports/GO-2022-0559.yaml - data/reports/GO-2022-0560.yaml - data/reports/GO-2022-0561.yaml - data/reports/GO-2022-0562.yaml - data/reports/GO-2022-0566.yaml - data/reports/GO-2022-0570.yaml Updates #507 Updates #508 Updates #509 Updates #510 Updates #511 Updates #512 Updates #516 Updates #517 Updates #518 Updates #540 Updates #547 Updates #550 Updates #554 Updates #556 Updates #559 Updates #560 Updates #561 Updates #562 Updates #566 Updates #570 Change-Id: I3197ea86e01d2ed4ae9e7f17dbd7a3e495c903e4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607220 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

julieqiu assigned tatianab Aug 3, 2022

tatianab assigned tatianab and unassigned tatianab Aug 4, 2022

julieqiu assigned rolandshoemaker Aug 10, 2022

rolandshoemaker added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Aug 15, 2022

rolandshoemaker closed this as completed Aug 15, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/v2fly/v2ray-core: GHSA-4cxw-hq44-r344 #550

x/vulndb: potential Go vuln in github.com/v2fly/v2ray-core: GHSA-4cxw-hq44-r344 #550

julieqiu commented Aug 1, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/v2fly/v2ray-core: GHSA-4cxw-hq44-r344 #550

x/vulndb: potential Go vuln in github.com/v2fly/v2ray-core: GHSA-4cxw-hq44-r344 #550

Comments

julieqiu commented Aug 1, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024