CVE-2021-4070 – github.com/v2fly/v2ray-core

Package

Manager: go
Name: github.com/v2fly/v2ray-core
Vulnerable Version: >=0 <4.44.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00227 pctl0.45348

Details

Off-by-one Error in v2fly/v2ray-core v2fly/v2ray-core prior to 4.44.0 is vulnerable to an off-by-one error. Indexing operations on arrays, slices, or strings should use an index at most one less than the length. If the index is checked for being less than or equal to the length (`<=`), instead of less than the length (`<`), the index could be out of bounds.

Metadata

Created: 2022-02-24T00:00:52Z
Modified: 2022-03-03T19:17:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-4cxw-hq44-r344/GHSA-4cxw-hq44-r344.json
CWE IDs: ["CWE-193"]
Alternative ID: GHSA-4cxw-hq44-r344
Finding: F014
Auto approve: 1