[GHSA-w5hq-g745-h8pq] uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided #7491
Hi there @broofa! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Do not approve this change. OP is mistaking the The title is describing which methods exhibit this issue, not which versions. These methods have had this issue since they were added to the library. The issue was only fixed in the latest major release, version 14.0.0.
oh sorry
Updates
Comments
Judging from the description, this doesn't affect every version below version 14. It only affects versions 3, 5, and 6.
The affected versions field seems like it has poor support for legitimate version tags, so I just changed it to less than v7.