x/vulndb: potential Go vuln in github.com/cloudflare/goflow: CVE-2022-2529

[GoVulnBot]

CVE-2022-2529 references github.com/cloudflare/goflow, which may be a Go module.

Description:
sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-2529
• JSON: https://github.com/CVEProject/cvelist/tree/71ef415dadc178efb4c5275adfb2043f557d849a/2022/2xxx/CVE-2022-2529.json
• web: GHSA-9rpw-2h95-666c
• Imported by: https://pkg.go.dev/github.com/cloudflare/goflow?tab=importedby

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/cloudflare/goflow
    packages:
      - package: goflow
description: |+
    sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.


cves:
  - CVE-2022-2529
credit: Justin Timperio, Chase Hiltz
references:
  - web: https://github.com/cloudflare/goflow/security/advisories/GHSA-9rpw-2h95-666c

[gopherbot]

Change https://go.dev/cl/439038 mentions this issue: data/excluded: add GO-2022-1032.yaml for CVE-2022-2529

[gopherbot]

Change https://go.dev/cl/592774 mentions this issue: data/reports: unexclude 50 reports

[gopherbot]

Change https://go.dev/cl/607230 mentions this issue: data/reports: unexclude 20 reports (28)