[GHSA-6jwv-w5xf-7j27] go.etcd.io/bbolt affected by index out-of-range vulnerability#7329
Open
ryanbekhen wants to merge 1 commit from ryanbekhen/advisory-improvement-7329
Conversation
Contributor
Pull request overview
Updates the GitHub-reviewed advisory entry for GHSA-6jwv-w5xf-7j27 (go.etcd.io/bbolt) to provide clearer downstream impact and exploitation context, focusing on practical DoS/panic risk from malformed BoltDB files.
Changes:
- Refines the advisory summary to explicitly call out panic/DoS behavior.
- Expands the advisory details with impact, prerequisites, and mitigation guidance.
- Bumps the advisory `modified` timestamp.
advisories/github-reviewed/2026/04/GHSA-6jwv-w5xf-7j27/GHSA-6jwv-w5xf-7j27.json
Updates
Comments
The current description is accurate but too brief for downstream impact assessment. It does not explain that exploitation requires a malformed or attacker-controlled BoltDB file, and that the practical impact is primarily denial of service via panic/crash rather than direct confidentiality or integrity loss.
Clarifying these points would help maintainers distinguish local file-control scenarios from remotely reachable attack surfaces and apply appropriate mitigations while no patched release is available.
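The mitigation the description alludes to, as an added example that is not code from this PR or from the bbolt project: treat a BoltDB file of unknown origin as untrusted input, run a cheap header sanity check before handing it to the library, and confine any panic the library raises to an error for that request rather than a crash of the whole process. The meta-page offsets (16-byte page header, then little-endian `magic` and `version`) are taken from bbolt's on-disk format as I understand it; the names `openUntrusted`, `openGuarded`, `checkHeader` and the stand-in opener `panickingOpen` are my own, and the constructed files are for demonstration only. In real use the callback would call `bolt.Open`.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// Offsets assumed from bbolt's meta page layout: a 16-byte page header
// (pgid, flags, count, overflow) followed by magic and version, both
// little-endian uint32. Treat these constants as an assumption, not as
// values copied from the library.
const (
	boltMagic   uint32 = 0xED0CDAED
	boltVersion uint32 = 2
	metaOffset         = 16
)

var ErrUntrustedDB = errors.New("bbolt file rejected by sanity check")

// checkHeader is a cheap pre-check on the first bytes of a file. It only
// shows the first meta page looks like a bbolt file; it says nothing about
// whether the page tree behind it is well-formed, so a panic is still
// possible later and the recover wrapper below remains necessary.
func checkHeader(b []byte) error {
	if len(b) < metaOffset+8 {
		return fmt.Errorf("%w: only %d bytes, no meta page", ErrUntrustedDB, len(b))
	}
	if magic := binary.LittleEndian.Uint32(b[metaOffset:]); magic != boltMagic {
		return fmt.Errorf("%w: bad magic 0x%08X", ErrUntrustedDB, magic)
	}
	if v := binary.LittleEndian.Uint32(b[metaOffset+4:]); v != boltVersion {
		return fmt.Errorf("%w: unsupported version %d", ErrUntrustedDB, v)
	}
	return nil
}

// openGuarded calls open and converts a panic raised on this goroutine into
// an error, so a malformed file fails one request instead of the process.
// It cannot catch panics in goroutines the library starts itself, nor a
// SIGBUS from a truncated mmap, so this is a mitigation, not a fix.
func openGuarded(path string, open func(string) error) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("opening %s panicked: %v", path, r)
		}
	}()
	return open(path)
}

// openUntrusted is the combined guard for a file whose origin is not
// trusted: read just the header, sanity-check it, then do the guarded open.
func openUntrusted(path string, open func(string) error) error {
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	hdr := make([]byte, metaOffset+8)
	n, _ := io.ReadFull(f, hdr) // short read is handled by checkHeader
	f.Close()
	if err := checkHeader(hdr[:n]); err != nil {
		return err
	}
	return openGuarded(path, open)
}

// validHeader builds a constructed meta-page prefix for demonstration only.
func validHeader() []byte {
	b := make([]byte, 4096)
	binary.LittleEndian.PutUint32(b[metaOffset:], boltMagic)
	binary.LittleEndian.PutUint32(b[metaOffset+4:], boltVersion)
	return b
}

// panickingOpen stands in for a library open that trips over malformed
// internals with an index-out-of-range panic (simulated, not bbolt's code).
func panickingOpen(string) error {
	var pages []byte
	_ = pages[64] // runtime panic: index out of range [64] with length 0
	return nil
}

func main() {
	dir, _ := os.MkdirTemp("", "bolt-guard")
	defer os.RemoveAll(dir)

	good := filepath.Join(dir, "good.db")
	_ = os.WriteFile(good, validHeader(), 0o600)
	truncated := filepath.Join(dir, "truncated.db")
	_ = os.WriteFile(truncated, validHeader()[:12], 0o600)

	fmt.Println(openUntrusted(truncated, panickingOpen)) // rejected by checkHeader
	fmt.Println(openUntrusted(good, panickingOpen))      // panic converted to an error
	fmt.Println(openUntrusted(good, func(string) error { return nil }))
}
```

Because bbolt already validates the meta page on open, a malformed page tree tends to surface inside a later transaction rather than in `Open` itself, so the same recover wrapper belongs around the reads of that file as well. For a remotely reachable surface the stronger option is to parse the file in a separate worker process so that a crash, or a SIGBUS that recover cannot catch, costs only that worker.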