{"schema_version":"1.3.1","id":"GO-2022-1083","modified":"2024-05-20T16:03:47Z","published":"2022-11-02T21:52:22Z","aliases":["CVE-2022-43677","GHSA-59hj-62f5-fgmc"],"summary":"Panic on malformed messages in github.com/free5gc/aper","details":"A malformed message can crash the free5gc/amf and free5gc/ngap decoders via an index-out-of-range panic in aper.GetBitString.","affected":[{"package":{"name":"github.com/free5gc/aper","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/free5gc/aper","symbols":["GetBitString","GetBitsValue","Marshal","MarshalWithParams","Unmarshal","UnmarshalWithParams"]}]}}],"references":[{"type":"REPORT","url":"https://github.com/free5gc/free5gc/issues/402"}],"credits":[{"name":"@fisherwky"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-1083","review_status":"REVIEWED"}}