CVE-2020-29245

Name of the Vulnerable Software and Affected Versions dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63

Description The issue is due to improper bounds checking in several methods, which can trigger a panic via readAtomData or readAPICFrame due to attempted out-of-bounds reads. If the package is used to parse user-supplied input, this may be used as a vector for a denial of service attack.

Recommendations For versions prior to 0.0.0-20201120070457-d52dcb253c63, consider updating to a version that includes proper bounds checking to prevent out-of-bounds reads. As a temporary workaround, consider restricting the use of methods that can trigger a panic, such as readAtomData and readAPICFrame, until a patch is available. Avoid using the package to parse user-supplied input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.