go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happen when the `size` is a not a multiple of `8` or is negative. There were already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-02-09T20:54:07.075Z
Updated: 2024-08-02T10:35:33.661Z
Reserved: 2023-01-16T17:07:46.244Z
Link: CVE-2023-23626
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-09T21:15:11.413
Modified: 2024-11-21T07:46:33.840
Link: CVE-2023-23626
Redhat
No data.