A carefully crafted packet can cause the ReadMessage function to push an infinite number of io.Readers within the packet reader.
An example packet created by Taylor R. Campbell can be found at: http://mumble.net/~campbell/misc/pgp-quine/ and additional details can be found from this related issue for GnuPG: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4402
CC @agl
This has been fixed in golang/crypto@24ffb5feb
x/crypto/openpgp: Limit packet recursion depth.
24ffb5f
A carefully crafted packet can cause the packet reader to push an infinite number of recursive packet readers. This change limits the number of recursive parsing levels within the packet reader.

More details at:
http://mumble.net/~campbell/misc/pgp-quine
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4402

Fixes golang#10751

Change-Id: Ib4e102d85f6496e2c7feb5b9d7e5db45db6032df
Reviewed-on: https://go-review.googlesource.com/9843
Reviewed-by: Adam Langley <agl@golang.org>
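The kind of depth limit the commit message describes, as an added example that is not code from golang/crypto: a reader stack over a toy packet format that refuses to nest past a fixed number of levels. The format, the names `readLiterals`, `maxReaders` and `errTooDeep`, and the limit of 32 are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// Toy format (constructed, not OpenPGP): literal = tag + 1 data byte; wrapper nests the rest.
const (
	tagLiteral = 1
	tagWrapper = 2
	maxReaders = 32 // hypothetical limit chosen for this example
)

var errTooDeep = errors.New("too many layers of packets")

// readLiterals keeps one reader per nesting level and refuses to stack
// more than maxReaders of them, so nesting cannot grow without bound.
func readLiterals(r io.Reader) ([]byte, error) {
	stack, out, b := []io.Reader{r}, []byte(nil), make([]byte, 1)
	for len(stack) > 0 {
		top := stack[len(stack)-1]
		if _, err := io.ReadFull(top, b); err == io.EOF {
			stack = stack[:len(stack)-1] // level exhausted, pop it
			continue
		} else if err != nil {
			return nil, err
		}
		switch b[0] {
		case tagLiteral:
			if _, err := io.ReadFull(top, b); err != nil {
				return nil, err
			}
			out = append(out, b[0])
		case tagWrapper:
			if len(stack) >= maxReaders {
				return nil, errTooDeep // the depth check
			}
			stack = append(stack, struct{ io.Reader }{top}) // stand-in for a decoder
		default:
			return nil, fmt.Errorf("unknown tag %d", b[0])
		}
	}
	return out, nil
}

func main() {
	fmt.Println(readLiterals(strings.NewReader(strings.Repeat("\x02", 1000)))) // constructed input
}
```

Without the `len(stack) >= maxReaders` check, the loop pushes one reader per wrapper tag for as long as the input keeps supplying them.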