Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2022-25304 #1023

Closed
schroeder- opened this issue Sep 7, 2022 · 6 comments
Closed

CVE-2022-25304 #1023

schroeder- opened this issue Sep 7, 2022 · 6 comments

Comments

@schroeder-
Copy link
Contributor

For reference this is CVE-2022-25304 and GHSA-mfpj-3qhm-976m

GitHub already raised an alert in our sample server implementation.

Originally posted by @GoetzGoerisch in #1013 (comment)
@kohtala
Copy link
Contributor

kohtala commented Sep 19, 2022

I think this was fixed in #1039.

@schroeder-
Copy link
Contributor Author

No this is in correct. In this dos is because there are no limits on chunk size.
I am working on a fix.

@kohtala
Copy link
Contributor

kohtala commented Sep 19, 2022

So the CVE mentioned on #1013 is incorrect? If you know of a mistake on an issue, it would be polite to comment about it on that issue and not just create another issue.

@kohtala kohtala mentioned this issue Sep 19, 2022
Closed
@schroeder- schroeder- mentioned this issue Sep 19, 2022
Merged
@schroeder-
Copy link
Contributor Author

Fixed via #1040

@schroeder- schroeder- mentioned this issue Sep 20, 2022
Closed
@SharonBrizinov
Copy link

Thanks @schroeder- ! it looks good

@kohtala
Copy link
Contributor

kohtala commented Sep 22, 2022

Thank you. Trivy no longer complains with the new version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SharonBrizinov @kohtala @schroeder-