Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/jackc/pgx #2567

Closed
1 task done
ymax opened this issue Feb 20, 2024 · 3 comments
Closed
1 task done

x/vulndb: potential Go vuln in github.com/jackc/pgx #2567

ymax opened this issue Feb 20, 2024 · 3 comments
Assignees
@tatianab
Labels
Direct External Report

Comments

@ymax
Copy link

ymax commented Feb 20, 2024

Acknowledgement

  • The maintainer(s) of the affected project have already been made aware of this vulnerability.

Description

Go panic in Pipeline when PgConn is busy or closed

Affected Modules, Packages, Versions and Symbols

Module: github.com/jackc/pgx
Package: github.com/jackc/pgx/pgconn
Versions:
  - Introduced: 2.0.0
  - Fixed: 5.5.2
Symbols:
  - Pipeline.Sync

CVE/GHSA ID

No response

Fix Commit or Pull Request

jackc/pgx@dfd1980

References

No response

Additional information

No response
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/595964 mentions this issue: data/reports: add GO-2024-2567

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/596435 mentions this issue: data/reports: update GO-2024-2567

gopherbot pushed a commit that referenced this issue Jul 3, 2024
@tatianab
data/reports: update GO-2024-2567
62cc377 
  - data/reports/GO-2024-2567.yaml

Updates #2567
Fixes #2966

Change-Id: If9f3f76eca68ef660b2c3ed58c86a47d383119b6
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/596435
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Tim King <taking@google.com>
@GoVulnBot GoVulnBot mentioned this issue Jul 5, 2024
Closed
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/597156 mentions this issue: data/reports: update 2 reports

gopherbot pushed a commit that referenced this issue Jul 9, 2024
@tatianab
data/reports: update 2 reports
002e9e9 
Add GHSAs for reports we created.

  - data/reports/GO-2024-2567.yaml
  - data/reports/GO-2024-2883.yaml

Updates #2567
Updates #2883
Fixes #2976
Fixes #2975

Change-Id: I4c4a975148abd1e81fd75dd2d74c8e9951f568b1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/597156
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Tim King <taking@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tatianab tatianab

Labels
Direct External Report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rolandshoemaker @ymax @tatianab @gopherbot