logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2025-30077 github.com/onosproject/onos-lib-go

Package

Manager: go
Name: github.com/onosproject/onos-lib-go
Vulnerable Version: >=0 <=0.10.28

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00028 pctl0.06138

Details

onos-lib-go allows an index out-of-range panic Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.

Metadata

Created: 2025-03-16T03:31:32Z
Modified: 2025-03-17T15:35:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-jrqj-6vq2-7r63/GHSA-jrqj-6vq2-7r63.json
CWE IDs: ["CWE-129"]
Alternative ID: GHSA-jrqj-6vq2-7r63
Finding: F184
Auto approve: 1