GMS-2022-9287: Malformed CAR panics and excessive memory usage
Decoding CAR data from untrusted user input can cause panics, out-of-bounds memory access, out-of-memory conditions, divide-by-zero errors, and excessive memory usage. Such panics can be triggered by intentionally malformed CARv1 data, including CARv1 data within a CARv2 container, and also by CARv2 data with excessively large indexes. These vulnerabilities are not known to be exploited in the wild and were discovered primarily with the use of code fuzzing tooling.
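As an added illustration of the defensive pattern a decoder needs here (constructed example code, not the affected library's own), a minimal CARv1 section reader in Go that bounds every varint length prefix before allocating and turns a truncated or oversized section into an error instead of a panic; the limits maxHeaderLen and maxSectionLen are assumed values, and the same bound-before-allocate rule applies to CARv2 index sizes.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"io"
)

// Constructed limits, not the library's; a real decoder sizes them to its memory budget.
const maxHeaderLen, maxSectionLen uint64 = 32 << 10, 8 << 20
var ErrBadSectionLen = errors.New("car: section length is zero or exceeds limit")

// readSection reads one varint-length-prefixed CAR section. The declared length is
// bounded before any allocation, and io.ReadFull makes truncation an error, not a panic.
func readSection(r *bytes.Reader, max uint64) ([]byte, error) {
	n, err := binary.ReadUvarint(r) // also rejects varints overflowing 64 bits
	if err != nil {
		return nil, err
	}
	if n == 0 || n > max {
		return nil, ErrBadSectionLen
	}
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, err
	}
	return buf, nil
}

// DecodeCARv1 returns the header bytes and each block section (CID||data); CBOR and CID parsing are out of scope.
func DecodeCARv1(data []byte) ([]byte, [][]byte, error) {
	r := bytes.NewReader(data)
	header, err := readSection(r, maxHeaderLen)
	if err != nil {
		return nil, nil, err
	}
	var sections [][]byte
	for {
		sec, err := readSection(r, maxSectionLen)
		if errors.Is(err, io.EOF) { // clean end of stream, not a truncation
			return header, sections, nil
		}
		if err != nil {
			return nil, nil, err
		}
		sections = append(sections, sec)
	}
}
```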