Bump github.com/google/flatbuffers #213
Comments
|
The majority of the issues are already patched at the project's master branch. A release should soon follow. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Flatbuffers is an indirect dependency (via github.com/dgraph-io/badger/v3) which is impacted by 13 security advisories recently discovered.
An official fix has not yet been released and vulnerabilities scanners such as trivy do not pick it up. This issue is to keep track of the issue an patch it in a timely manner.
Security Advisories:
OSV-2021-1229: Heap-buffer-overflow in
flatbuffers::JsonPrinter::GenFieldOffsetOSV-2021-1249: Heap-buffer-overflow in int
flatbuffers::ReadScalar<int>OSV-2021-1314: Use-of-uninitialized-value in
LoadBinarySchemaOSV-2021-1678: Heap-buffer-overflow in
flatbuffers::EscapeStringOSV-2021-1695: Heap-buffer-overflow in
flexbuffers::Verifier::VerifyRefOSV-2021-281: Heap-buffer-overflow in
flatbuffers::Table* flatbuffers::GetMutableRoot<flatbuffers::Table>OSV-2021-308: Heap-buffer-overflow in
flatbuffers::JsonPrinter::GenFieldOffsetOSV-2021-333: Heap-buffer-overflow in int
flatbuffers::ReadScalar<int>OSV-2021-347: Heap-buffer-overflow in
flatbuffers::Table* flatbuffers::GetMutableRoot<flatbuffers::Table>OSV-2021-349: Heap-buffer-overflow in
flatbuffers::vector_downward::fillOSV-2021-520: Heap-buffer-overflow in
flatbuffers::EscapeStringOSV-2021-541: Heap-buffer-overflow in
flatbuffers::Table* flatbuffers::GetMutableRoot<flatbuffers::Table>OSV-2021-581: UNKNOWN READ in unsigned short
flatbuffers::ReadScalar<unsigned short>The text was updated successfully, but these errors were encountered: