{"id":"GO-2023-1874","summary":"Denial of service in github.com/corazawaf/coraza/v2 and v3","details":"Due to the misuse of log.Fatalf, Coraza may crash after receiving crafted requests from attackers.","aliases":["CVE-2023-40586","GHSA-c2pj-v37r-2p6h"],"modified":"2024-05-20T16:03:47Z","published":"2023-07-05T17:30:04Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2023-1874"},"references":[{"type":"ADVISORY","url":"https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h"},{"type":"FIX","url":"https://github.com/corazawaf/coraza/commit/a5239ba3ce839e14d9b4f9486e1b4a403dcade8c"},{"type":"WEB","url":"https://github.com/corazawaf/coraza/releases/tag/v3.0.1"}],"affected":[{"package":{"name":"github.com/corazawaf/coraza/v2","ecosystem":"Go","purl":"pkg:golang/github.com/corazawaf/coraza/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/corazawaf/coraza/v2/bodyprocessors","symbols":["multipartBodyProcessor.Read"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1874.json"}},{"package":{"name":"github.com/corazawaf/coraza/v3","ecosystem":"Go","purl":"pkg:golang/github.com/corazawaf/coraza/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.0.1"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/corazawaf/coraza/v3/internal/bodyprocessors","symbols":["multipartBodyProcessor.ProcessRequest"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1874.json"}}],"schema_version":"1.7.3","credits":[{"name":"rmb122"}]}