x/vulndb: suggestion regarding GO-2025-3408 #3453
Labels
Comments
|
Change https://go.dev/cl/647035 mentions this issue: |
|
Thanks for letting us know. I have withdrawn the report. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Report ID
GO-2025-3408
Suggestion/Comment
👋 from HashiCorp Security. This report, GO-2025-3408, was proposed for and published in vulndb before we had a chance to review / investigate fully.
Based on investigations documented & concluded elsewhere (ref hashicorp/yamux#142 & hashicorp/yamux#143), we do not believe that Yamux is exposed to a denial of service vulnerability as described.
Yamux requires that dependent applications explicitly close streams on write errors. Coding errors may cause network connectivity issues, but Yamux does not attempt to defend against these errors by design.
This library has a broad set of dependents and - in order to avoid confusion and / or vulnerability scanner driven churn for those dependents - we request that this entry be removed from the database or otherwise marked as invalid. Thanks!
The text was updated successfully, but these errors were encountered: