{"schema_version":"1.3.1","id":"GO-2021-0102","modified":"2024-05-20T16:03:47Z","published":"2021-07-28T18:08:05Z","aliases":["CVE-2019-11289","GHSA-5796-p3m6-9qj4"],"summary":"Panic in decryption in code.cloudfoundry.org/gorouter","details":"Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect nonce size. If this package is used to decrypt user supplied messages without checking the size of supplied nonces, this may be used as a vector for a denial of service attack.","affected":[{"package":{"name":"code.cloudfoundry.org/gorouter","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20191101214924-b1b5c44e050f"}]}],"ecosystem_specific":{"imports":[{"path":"code.cloudfoundry.org/gorouter/common/secure","symbols":["AesGCM.Decrypt"]}]}},{"package":{"name":"github.com/cloudfoundry/gorouter","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20191101214924-b1b5c44e050f"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/cloudfoundry/gorouter/common/secure","symbols":["AesGCM.Decrypt"]}]}}],"references":[{"type":"FIX","url":"https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f"},{"type":"WEB","url":"https://www.cloudfoundry.org/blog/cve-2019-11289/"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0102","review_status":"REVIEWED"}}