PT-2022-23166 · Unknown · github.com/gagliardetto/binary

Gagliardetto · Published 2022-09-02 · Updated 2025-06-05 · CVE-2022-36078

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: github.com/gagliardetto/binary, versions prior to v0.7.1
Description: The issue is a memory allocation vulnerability. When github.com/gagliardetto/binary is used to parse unchecked data from untrusted sources into slices, the dec.Decode(&val) method reads the slice length directly from the input without validating it. An attacker-controlled length can therefore overflow the size computation or drive the decoder to allocate a slice of excessive size, potentially exhausting available memory or crashing the program.
Recommendations: Upgrade to v0.7.1 or later. As a temporary workaround, implement a custom UnmarshalWithDecoder() method that reads the length of any slice itself and validates it (for example, against the number of bytes remaining in the input) before allocating, instead of relying on dec.Decode(&val) to parse the data.
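The allocation pattern the description refers to, beside the workaround the recommendation describes, as an added Go example; this is not code from the gagliardetto/binary library or its author. The Decoder type, its method names, the little-endian uint32 length prefix, and the UnmarshalWithDecoder signature are stand-ins assumed for illustration, and the input messages are constructed inline.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrLengthTooLarge is returned when a length prefix cannot be honoured.
var ErrLengthTooLarge = errors.New("length prefix too large")

// Decoder is a minimal little-endian reader over an in-memory buffer, a
// stand-in for the library's decoder (not its code; method names assumed).
type Decoder struct {
	buf []byte
	pos int
}

func NewDecoder(buf []byte) *Decoder { return &Decoder{buf: buf} }
func (d *Decoder) Remaining() int    { return len(d.buf) - d.pos }

// ReadLength reads the uint32 element count that prefixes a slice.
func (d *Decoder) ReadLength() (uint32, error) {
	if d.Remaining() < 4 {
		return 0, errors.New("unexpected EOF reading length prefix")
	}
	n := binary.LittleEndian.Uint32(d.buf[d.pos:])
	d.pos += 4
	return n, nil
}

// readElems fills out with uint64 elements; the caller decided how out was sized.
func (d *Decoder) readElems(out []uint64) error {
	for i := range out {
		if d.Remaining() < 8 {
			return fmt.Errorf("unexpected EOF at element %d of %d", i, len(out))
		}
		out[i] = binary.LittleEndian.Uint64(d.buf[d.pos:])
		d.pos += 8
	}
	return nil
}

// DecodeUint64SliceUnchecked reproduces the vulnerable pattern: the attacker-
// controlled prefix sizes the allocation before any element is read. The slice
// is returned even on error so the caller can observe what was allocated;
// a prefix near 0xFFFFFFFF would ask for ~32 GiB and abort the process.
func DecodeUint64SliceUnchecked(d *Decoder) ([]uint64, error) {
	n, err := d.ReadLength()
	if err != nil {
		return nil, err
	}
	out := make([]uint64, n) // sized by a 4-byte value the attacker chose
	return out, d.readElems(out)
}

// Balances has the shape of the advisory's workaround: a custom
// UnmarshalWithDecoder (signature assumed) that checks the prefix before
// allocating. A payload cannot hold more elements than the bytes that remain.
type Balances struct{ Values []uint64 }

func (b *Balances) UnmarshalWithDecoder(d *Decoder) error {
	n, err := d.ReadLength()
	if err != nil {
		return err
	}
	if need := uint64(n) * 8; need > uint64(d.Remaining()) {
		return fmt.Errorf("%w: %d elements need %d bytes, %d remain", ErrLengthTooLarge, n, need, d.Remaining())
	}
	vals := make([]uint64, n) // now bounded by len(input), not by the attacker
	if err := d.readElems(vals); err != nil {
		return err
	}
	b.Values = vals
	return nil
}

// Message builds a length-prefixed message (constructed sample data); n need
// not match len(vals), which is how the crafted inputs are made.
func Message(n uint32, vals ...uint64) []byte {
	out := make([]byte, 4+8*len(vals))
	binary.LittleEndian.PutUint32(out, n)
	for i, v := range vals {
		binary.LittleEndian.PutUint64(out[4+8*i:], v)
	}
	return out
}

func main() {
	var b Balances
	err := b.UnmarshalWithDecoder(NewDecoder(Message(3, 10, 20, 30)))
	fmt.Println("valid message:", b.Values, err)
	fmt.Println("oversized prefix:", b.UnmarshalWithDecoder(NewDecoder(Message(0xFFFFFFFF))))
	out, err := DecodeUint64SliceUnchecked(NewDecoder(Message(1 << 20))) // modest bogus length: 8 MiB
	fmt.Println("unchecked:", cap(out), "elements allocated from 4 input bytes, then:", err)
}
```

The unchecked path is deliberately exercised only with a 1<<20 prefix: a 4-byte header claiming 0xFFFFFFFF elements would request roughly 32 GiB from the Go runtime, which on a typical host ends in an unrecoverable out-of-memory abort rather than a panic a caller could recover from. The remaining-bytes bound is sufficient when the whole message is already in memory; a decoder reading from a stream cannot know the remaining length and should additionally enforce an application-level cap on element counts.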

Weakness Enumeration

Resource Exhaustion

Related Identifiers

CVE-2022-36078
GHSA-4P6F-M4F9-CH88
GO-2022-0963

Affected Products

github.com/gagliardetto/binary