CVE-2020-29242

Description

Due to improper bounds checking, a number of methods can trigger a panic due to attempted out-of-bounds reads. If the package is used to parse user supplied input, this may be used as a vector for a denial of service attack.

How to fix CVE-2020-29242

To remediate CVE-2020-29242, upgrade the affected package to a fixed version below.

• —upgrade to 0.0.0-20201120070457-d52dcb253c63 or later
• —upgrade to 0.0.0-20201120070457-d52dcb253c63 or later
• —upgrade to 0.0.0-20201120070457-d52dcb253c63 or later
• —upgrade to 0.0.0-20201120070457-d52dcb253c63 or later
• —upgrade to 0.0.0-20201120070457-d52dcb253c63 or later

Is CVE-2020-29242 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (5)

• from 0, < 0.0.0-20201120070457-d52dcb253c63
• from 0, < 0.0.0-20201120070457-d52dcb253c63
• from 0, < 0.0.0-20201120070457-d52dcb253c63
• from 0, < 0.0.0-20201120070457-d52dcb253c63
• from 0, < 0.0.0-20201120070457-d52dcb253c63

CVSS scores

References (14)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-29242
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-29243
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-29244
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-29245
• PATCHgithub.com