x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2018-1000538 #2206

tatianab · 2023-11-08T22:01:44Z

CVE-2018-1000538 references github.com/minio/minio, which may be a Go module.

Description:
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.

References:

Cross references:

Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2021-43858 #285 EFFECTIVELY_PRIVATE
Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2022-24842 #421 EFFECTIVELY_PRIVATE
Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2022-31028 #479 EFFECTIVELY_PRIVATE
Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2022-35919 #756 EFFECTIVELY_PRIVATE
Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-25812 #1591 EFFECTIVELY_PRIVATE
Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-27589 #1634 EFFECTIVELY_PRIVATE
Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-28432 #1667 EFFECTIVELY_PRIVATE
Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-28433 #1668 EFFECTIVELY_PRIVATE
Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-28434 #1669 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/minio/minio
      vulnerable_at: 0.0.0-20231108174705-15137d032704
      packages:
        - package: n/a
cves:
    - CVE-2018-1000538
references:
    - fix: https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bL220
    - fix: https://github.com/minio/minio/pull/5957

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-11-08T22:29:11Z

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports

tatianab added the excluded: LEGACY_FALSE_POSITIVE (DO NOT USE) Vulnerability marked as false positive before we introduced the triage process label Nov 8, 2023

gopherbot closed this as completed in 497caf9 Nov 8, 2023

GoVulnBot mentioned this issue Feb 1, 2024

x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2024-24747 #2499

Closed

GoVulnBot mentioned this issue May 28, 2024

x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2024-36107 #2886

Closed

GoVulnBot mentioned this issue Dec 16, 2024

x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2024-55949 #3341

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2018-1000538 #2206

x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2018-1000538 #2206

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023

x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2018-1000538 #2206

x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2018-1000538 #2206

Comments

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023