CVE-2023-29407

Published: Aug 2, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

Affected (3)

Products: Golang: Image · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Golang Image	Before 0.10.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38

Related CWEs

CWE-834

Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

References (14)

https://go.dev/cl/514897

Source: security@golang.org

Patch

https://go.dev/issue/61581

Source: security@golang.org

Issue TrackingVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/

Source: security@golang.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/

Source: security@golang.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/

Source: security@golang.org

https://pkg.go.dev/vuln/GO-2023-1990

Source: security@golang.org

Issue TrackingPatchVendor Advisory

https://security.netapp.com/advisory/ntap-20230831-0009/

Source: security@golang.org

Third Party Advisory

https://go.dev/cl/514897