PT-2020-17120 · Dhowden · Dhowden Tag
Jayl1N · Published 2020-12-28 · Updated 2023-02-07 · CVE-2020-29244
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63
dhowden tag versions prior to 2020-11-19
Description
The issue is due to improper bounds checking in several methods, which can trigger a panic via readAPICFrame, readAtomData, or readTextWithDescrFrame due to attempted out-of-bounds reads. If the package is used to parse user-supplied input, this may be used as a vector for a denial of service attack.
Recommendations
For dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63, update to version 0.0.0-20201120070457-d52dcb253c63 or later.
For dhowden tag versions prior to 2020-11-19, update to a version released on or after 2020-11-19.
As a temporary workaround, consider restricting the use of methods readAPICFrame, readAtomData, and readTextWithDescrFrame to minimize the risk of exploitation.
Exploit
Fix
Improper Validation of Array Index
Weakness Enumeration
Related Identifiers
Affected Products
Dhowden Tag
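
The failure mode from the Description (a parser that slices on an unvalidated length and panics) next to a bounds-checked form and a recover guard for callers that must parse untrusted files. This is an added Go example, not code from dhowden tag; the frame layout and the names parseUnchecked, parseChecked and guard are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed frame layout (hypothetical, not the ID3/MP4 format):
// one length byte, that many description bytes, then the text.

// parseUnchecked trusts the length byte: the bug class described above.
func parseUnchecked(b []byte) (descr, text string) {
	n := int(b[0])
	return string(b[1 : 1+n]), string(b[1+n:]) // panics when 1+n > len(b)
}

// parseChecked validates the index before slicing and returns an error.
func parseChecked(b []byte) (descr, text string, err error) {
	if len(b) == 0 {
		return "", "", errors.New("empty frame")
	}
	n := int(b[0])
	if 1+n > len(b) {
		return "", "", fmt.Errorf("declared length %d, only %d bytes left", n, len(b)-1)
	}
	return string(b[1 : 1+n]), string(b[1+n:]), nil
}

// guard converts a panic in parse into an error, so one malformed file
// fails one request instead of the process. recover only catches panics
// raised on the goroutine that called guard.
func guard(parse func()) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panic: %v", r)
		}
	}()
	parse()
	return nil
}

func main() {
	bad := []byte{200, 'h', 'i'} // constructed: length byte exceeds the frame
	fmt.Println(guard(func() { parseUnchecked(bad) }))
	_, _, err := parseChecked(bad)
	fmt.Println(err)
}
```

The guard is a containment measure for callers still on an affected version; updating to a fixed version remains the recommendation above.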