x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2018-1000538

[tatianab]

CVE-2018-1000538 references github.com/minio/minio, which may be a Go module.

Description:
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2018-1000538
• fix: minio/minio@9c8b730#diff-e8c3bc9bc83b5516d0cc806cd461d08bL220
• fix: security: fix write-to-RAM DoS vulnerability minio/minio#5957
• Imported by: https://pkg.go.dev/github.com/minio/minio?tab=importedby

Cross references:

• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2021-43858 #285 EFFECTIVELY_PRIVATE
• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2022-24842 #421 EFFECTIVELY_PRIVATE
• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2022-31028 #479 EFFECTIVELY_PRIVATE
• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2022-35919 #756 EFFECTIVELY_PRIVATE
• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-25812 #1591 EFFECTIVELY_PRIVATE
• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-27589 #1634 EFFECTIVELY_PRIVATE
• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-28432 #1667 EFFECTIVELY_PRIVATE
• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-28433 #1668 EFFECTIVELY_PRIVATE
• Module github.com/minio/minio appears in issue x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-28434 #1669 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/minio/minio
      vulnerable_at: 0.0.0-20231108174705-15137d032704
      packages:
        - package: n/a
cves:
    - CVE-2018-1000538
references:
    - fix: https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bL220
    - fix: https://github.com/minio/minio/pull/5957

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports