[SECURITY] Implementation of readUvarint vulnerable to CVE-2020-16845

Implementation of readUvarint at is very similar to the vulnerable code in the Golang encoding/binary library and seems to suffer from the same vulnerability described in

See the fix at

Note: I couldn't find any information on how to disclose this issue to the maintainers. I would also suggest setting up a Security Policy for the project within GitHub.
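The bug class behind CVE-2020-16845 (a uvarint reader that keeps consuming bytes from invalid input) can be seen in the sketch below. It is an added example, not part of the original issue and not the project's or the Go standard library's code. The `limit` parameter and the `consumed` helper are hypothetical names, and the input is constructed.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

var errOverflow = errors.New("uvarint overflows 64 bits")

// readUvarint decodes a base-128 varint. limit <= 0 reproduces the unbounded
// loop of the vulnerable pattern; limit = 10 (binary.MaxVarintLen64) is the
// bounded form, which gives up after the most bytes a uint64 can occupy.
func readUvarint(r io.ByteReader, limit int) (uint64, error) {
	var x uint64
	var s uint
	for i := 0; limit <= 0 || i < limit; i++ {
		b, err := r.ReadByte()
		if err != nil {
			return x, err
		}
		if b < 0x80 { // final byte: high bit clear
			if i > 9 || i == 9 && b > 1 {
				return x, errOverflow
			}
			return x | uint64(b)<<s, nil
		}
		x |= uint64(b&0x7f) << s // continuation byte: keep reading
		s += 7
	}
	return x, errOverflow
}

// consumed reports how many bytes one decode call read from data, and its error.
func consumed(data []byte, limit int) (int, error) {
	rd := bytes.NewReader(data)
	_, err := readUvarint(rd, limit)
	return len(data) - rd.Len(), err
}

func main() {
	bad := bytes.Repeat([]byte{0x80}, 1<<20) // constructed: continuation bytes only
	n, err := consumed(bad, 0)
	fmt.Println("unbounded:", n, "bytes read,", err)
	n, err = consumed(bad, 10)
	fmt.Println("bounded:  ", n, "bytes read,", err)
}
```

The unbounded form drains the whole stream before failing, so a decoder built on it does work proportional to attacker-supplied input for a single integer field; the bounded form rejects the same input after ten bytes.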


Answer questions ulikunitz

I got the following information:

GitHub has issued CVE-2021-29482 for this Security Advisory after reviewing it for compliance with CVE rules. Since you've already published this Security Advisory, we'll publish this CVE to the CVE List.


