While working on the iotex-core project, I scanned the dependency manifest and found that it uses a vulnerable version of github.com/ipld/go-ipld-prime. The scan revealed an unbounded memory allocation issue in the DAG-CBOR decoder, where crafted payloads can trigger excessive memory usage, potentially leading to a denial of service.
CVE Report
CVE Link