New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Go: new query for detect DOS vulnerability #15130
base: main
Are you sure you want to change the base?
Conversation
|
Hello Malayke 👋 In the meantime, feel free to make changes to the pull request. If you'd like to maximize payout for your this and future submissions, here are a few general guidelines, that we might take into consideration when reviewing a submission.
Please note that these are guidelines, not rules. Since we have a lot of different types of submissions, the guidelines might vary for each submission. Happy hacking! |
|
Are you aware of the existing query |
|
I carefully read the code of According to my testing, when the The query I wrote specifically checks whether the size of the make slice is directly defined by an untrusted source. From the results of the two queries, it seems that AllocationSizeOverflow cannot detect the vulnerabilities of the two CVEs I mentioned. |
This is part of All for one, one for all query submission, I'm going to submit an issue in github/securitylab for this pull request too.
slices created with the built-in make function from user-controlled sources using a maliciously large value possibly leading to a denial of service.