CVE-2022-36078
Resource exhaustion in github.com/gagliardetto/binary
8.8
HIGH
CVSS 3.1
EPSS 0.58%
Description
A memory allocation vulnerability can be exploited to allocate arbitrarily large slices, which can exhaust available memory or crash the program. When parsing data from untrusted sources of input (e.g. the blockchain), the length of the slice to allocate is read directly from the data itself without any checks, which could lead to an allocation of excessive memory.
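The allocation pattern described above and a bounded alternative, as an added example that is not code from github.com/gagliardetto/binary. The wire format (a uvarint element count followed by 8-byte little-endian values) and the names `decodeUint64s`, `elemSize` and `errLength` are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed wire format (constructed for this example): a uvarint element
// count followed by that many 8-byte little-endian uint64 values.
const elemSize = 8

var errLength = errors.New("declared length exceeds remaining input")

// decodeUint64s validates the declared count against the bytes actually
// present before allocating, so a few input bytes cannot request gigabytes.
func decodeUint64s(buf []byte) ([]uint64, error) {
	n, off := binary.Uvarint(buf)
	if off <= 0 {
		return nil, errors.New("malformed length prefix")
	}
	rest := buf[off:]
	// The flawed pattern is make([]uint64, n) at this point with n unchecked.
	// Compare by division so n*elemSize cannot overflow.
	if n > uint64(len(rest))/elemSize {
		return nil, errLength
	}
	out := make([]uint64, n)
	for i := range out {
		out[i] = binary.LittleEndian.Uint64(rest[i*elemSize:])
	}
	return out, nil
}

func main() {
	// Constructed inputs: a valid two-element message, and a 10-byte
	// message whose length prefix claims 2^63 elements.
	ok := append([]byte{2}, make([]byte, 16)...)
	ok[1], ok[9] = 7, 9
	fmt.Println(decodeUint64s(ok))

	hostile := make([]byte, binary.MaxVarintLen64)
	hostile = hostile[:binary.PutUvarint(hostile, 1<<63)]
	fmt.Println(decodeUint64s(hostile))
}
```

Bounding the count by the remaining input length caps the allocation at roughly the size of the message itself; a decoder that streams from a reader needs an explicit maximum instead.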
How to fix CVE-2022-36078
To remediate CVE-2022-36078, upgrade the affected package to a fixed version below.
- upgrade to 0.7.1 or later
- upgrade to 0.7.1 or later
Is CVE-2022-36078 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.7.1
- from 0, < 0.7.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |