From 31ee6fe747f0854ad235a39de2b6a58051abf0a7 Mon Sep 17 00:00:00 2001 From: ACHMAD IRIANTO EKA PUTRA Date: Wed, 8 Apr 2026 22:37:10 +0800 Subject: [PATCH] Improve GHSA-6jwv-w5xf-7j27 --- .../2026/04/GHSA-6jwv-w5xf-7j27/GHSA-6jwv-w5xf-7j27.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advisories/github-reviewed/2026/04/GHSA-6jwv-w5xf-7j27/GHSA-6jwv-w5xf-7j27.json b/advisories/github-reviewed/2026/04/GHSA-6jwv-w5xf-7j27/GHSA-6jwv-w5xf-7j27.json index 299c7f3135a8e..302b4adf91b56 100644 --- a/advisories/github-reviewed/2026/04/GHSA-6jwv-w5xf-7j27/GHSA-6jwv-w5xf-7j27.json +++ b/advisories/github-reviewed/2026/04/GHSA-6jwv-w5xf-7j27/GHSA-6jwv-w5xf-7j27.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-6jwv-w5xf-7j27", - "modified": "2026-04-08T00:15:13Z", + "modified": "2026-04-08T00:15:14Z", "published": "2026-04-06T21:31:34Z", "aliases": [ "CVE-2026-33817" ], - "summary": "go.etcd.io/bbolt affected by index out-of-range vulnerability", - "details": "Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt", + "summary": "go.etcd.io/bbolt can panic on malformed branch page with zero elements (DoS)", + "details": "`go.etcd.io/bbolt` may panic with an index out-of-range error when traversing a malformed/corrupted branch page that contains zero elements.\n\n### Impact\nThis is primarily an availability issue (panic / process crash / denial of service) when the vulnerable code path is reached while reading crafted database contents.\n\n### Exploitation prerequisites\nExploitation requires attacker-controlled or corrupted BoltDB file contents. This is typically not remotely triggerable unless an attacker can influence the database file (for example via writable shared volumes, weak filesystem permissions, or prior local compromise).\n\n### Mitigations\n- Restrict ownership and permissions of BoltDB files and parent directories.\n- Prevent untrusted write access to storage paths containing BoltDB files.\n- Use backups and corruption-recovery procedures.\n\nIf no fixed release is available yet, consumers should apply the mitigations above and monitor upstream for a patched version.\n", "severity": [ { "type": "CVSS_V3",