Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integer Overflow or Wraparound in go-kit dependency #1057

Closed
kari-awake opened this issue Feb 15, 2021 · 6 comments
Closed

Integer Overflow or Wraparound in go-kit dependency #1057

kari-awake opened this issue Feb 15, 2021 · 6 comments
Labels
bug
Milestone
v0.11.0

Comments

@kari-awake
Copy link

Nancy tool reports CWE-190: Integer Overflow or Wraparound in:

go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738

etcd-io/etcd#12605
fixed in etcd-io/etcd#12645

It's fixed in release-3.4 branch but it seems that there is no tag yet that has this fix..
@peterbourgon
Copy link
Member

We're waiting for a new etcd release for some other reasons, too...

@kari-awake
Copy link
Author

Any updates on this? Latest etcd 3.4.15...

@peterbourgon
Copy link
Member

I spent 10 minutes trying to update Go kit's etcd version, and couldn't figure it out. The etcd repo doesn't appear to follow Go modules' conventions. Can someone give me a tip?

@peterbourgon
Copy link
Member

Oops.

@peterbourgon peterbourgon reopened this Mar 30, 2021
@kari-awake
Copy link
Author

related? #1067

@peterbourgon peterbourgon mentioned this issue Mar 31, 2021
Closed
@sagikazarmark
Copy link
Contributor

This is fixed on master, will be released soon.

@sagikazarmark sagikazarmark added this to the v0.11.0 milestone Jun 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
v0.11.0
Development

No branches or pull requests
3 participants
@peterbourgon @sagikazarmark @kari-awake