Infinite Loop Affecting github.com/ulikunitz/xz package, versions <0.5.8
1 Sep 2020
19 Aug 2020
How to fix?
Upgrade github.com/ulikunitz/xz to version 0.5.8 or higher.
github.com/ulikunitz/xz is a package for reading and writing of xz compressed streams.
Affected versions of this package are vulnerable to Infinite Loop. An attacker could construct a byte sequence so that
readUvarint would not stop consuming bytes.
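
A length-bounded decoder of the kind that prevents this class of bug, as an added example (not the package's own code or its actual fix). It assumes the usual base-128 uvarint encoding, with 7 data bits per byte and the high bit as a continuation flag; the name readUvarintBounded and the sample inputs are constructed for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// A 64-bit value needs at most ceil(64/7) = 10 base-128 bytes.
const maxUvarintLen = 10

var errOverflow = errors.New("uvarint: encoding longer than 64 bits")

// readUvarintBounded (hypothetical name) decodes one uvarint and returns the
// value and the number of bytes consumed. A decoder that loops for as long as
// the continuation bit is set, with no length limit, keeps reading as long as
// the input supplies such bytes; the fixed loop bound here prevents that.
func readUvarintBounded(r io.ByteReader) (uint64, int, error) {
	var x uint64
	var shift uint
	for i := 0; i < maxUvarintLen; i++ {
		b, err := r.ReadByte()
		if err != nil {
			if err == io.EOF && i > 0 {
				err = io.ErrUnexpectedEOF // stream ended mid-value
			}
			return 0, i, err
		}
		if b < 0x80 { // continuation bit clear: last byte
			if i == maxUvarintLen-1 && b > 1 {
				return 0, i + 1, errOverflow // 10th byte may carry only bit 63
			}
			return x | uint64(b)<<shift, i + 1, nil
		}
		x |= uint64(b&0x7f) << shift
		shift += 7
	}
	return 0, maxUvarintLen, errOverflow
}

func main() {
	// Constructed inputs: 300 encoded as AC 02, then 64 continuation bytes.
	for _, in := range [][]byte{{0xAC, 0x02}, bytes.Repeat([]byte{0x80}, 64)} {
		v, n, err := readUvarintBounded(bytes.NewReader(in))
		fmt.Printf("value=%d consumed=%d err=%v\n", v, n, err)
	}
}
```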