x/vulndb: potential Go vuln in github.com/linkerd/linkerd2: GHSA-42mr-jpwh-m9rv · Issue #3664 · golang/vulndb · GitHub

x/vulndb: potential Go vuln in github.com/linkerd/linkerd2: GHSA-42mr-jpwh-m9rv #3664

Open
GoVulnBot opened this issue May 6, 2025 · 2 comments
Labels: high priority, triaged, waiting (the issue is waiting for additional information from an external source)

Comments

@GoVulnBot

Advisory GHSA-42mr-jpwh-m9rv references a vulnerability in the following Go modules:

Module
github.com/linkerd/linkerd2

Description:
In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd releases 2.16.* before 2.16.5, 2.17.* before 2.17.2, and 2.18.* before 2.18.0, resource exhaustion can occur for Linkerd proxy metrics.

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/linkerd/linkerd2
      non_go_versions:
        - fixed: 0.6.0-20250501173313-4823b7af3e1e
      vulnerable_at: 18.9.1+incompatible
summary: Linkerd resource exhaustion vulnerability in github.com/linkerd/linkerd2
cves:
    - CVE-2025-43915
ghsas:
    - GHSA-42mr-jpwh-m9rv
references:
    - advisory: https://github.com/advisories/GHSA-42mr-jpwh-m9rv
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-43915
    - web: https://docs.buoyant.io/security/advisories/2025-01
    - web: https://www.buoyant.io/resources
source:
    id: GHSA-42mr-jpwh-m9rv
    created: 2025-05-06T01:01:25.236926204Z
review_status: UNREVIEWED

@thatnealpatel thatnealpatel added high priority triaged waiting the issue is waiting for additional information from an external source and removed NeedsTriage labels May 6, 2025
@thatnealpatel
Member

Unable to resolve symbols without a fix link.

@gopherbot
Contributor

Change https://go.dev/cl/670695 mentions this issue: data/reports: add GO-2025-3664
