authorMarkus Pettersson <markus.pettersson@mullvad.net>2025-03-12 12:41:48 +0100
committerMarkus Pettersson <markus.pettersson@mullvad.net>2025-03-12 12:41:48 +0100
commit1c19bb165bac9145226010e7402d6608986f49f7 (patch)
treeea2e029104bd63cd404f299533e4152b2eb46a2b
parent2935cc630c8bc59f548504ffa841e14f76ec7632 (diff)
parent34cb4f1ab2f5640669c2518a6d69e2adc3aeb062 (diff)
downloadmullvadvpn-1c19bb165bac9145226010e7402d6608986f49f7.tar.xz
mullvadvpn-1c19bb165bac9145226010e7402d6608986f49f7.zip
Merge branch 'silence-cves-libwg'
-rw-r--r--wireguard-go-rs/libwg/osv-scanner.toml26
1 files changed, 19 insertions, 7 deletions
diff --git a/wireguard-go-rs/libwg/osv-scanner.toml b/wireguard-go-rs/libwg/osv-scanner.toml
index c6fd4f3e2e..056e788f61 100644
--- a/wireguard-go-rs/libwg/osv-scanner.toml
+++ b/wireguard-go-rs/libwg/osv-scanner.toml
@@ -2,41 +2,53 @@
# Stack exhaustion in Decoder.Decode in encoding/gob
[[IgnoredVulns]]
id = "CVE-2024-34156" # GO-2024-3106
-ignoreUntil = 2025-03-18
+ignoreUntil = 2025-06-12
reason = "wireguard-go does not use the affected code"
# Stack exhaustion in Parse in go/build/constraint
[[IgnoredVulns]]
id = "CVE-2024-34158" # GO-2024-3107
-ignoreUntil = 2025-03-18
+ignoreUntil = 2025-06-12
reason = "wireguard-go does not use the affected code"
# Stack exhaustion in all Parse functions in go/parser
[[IgnoredVulns]]
id = "CVE-2024-34155" # GO-2024-3105
-ignoreUntil = 2025-03-18
+ignoreUntil = 2025-06-12
reason = "wireguard-go does not use the affected code"
# Denial of service in HTML Parse function in go/net/html
[[IgnoredVulns]]
id = "CVE-2024-45338" # GO-2024-3333
-ignoreUntil = 2025-03-19
+ignoreUntil = 2025-06-12
reason = "wireguard-go does not use the affected code"
# Denial of service in HTML Parse function in go/net/html
[[IgnoredVulns]]
id = "GHSA-w32m-9786-jp63" # GO-2024-3333
-ignoreUntil = 2025-03-19
+ignoreUntil = 2025-06-12
reason = "wireguard-go does not use the affected code"
# Sensitive headers incorrectly sent after cross-domain redirect in net/http
[[IgnoredVulns]]
id = "CVE-2024-45336" # GO-2025-3420
-ignoreUntil = 2025-04-28
+ignoreUntil = 2025-06-12
reason = "wireguard-go does not use the affected code"
# Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
[[IgnoredVulns]]
id = "CVE-2024-45341" # GO-2025-3373
-ignoreUntil = 2025-04-28
+ignoreUntil = 2025-06-12
+reason = "wireguard-go does not use the affected code"
+
+# Denial of service in golang.org/x/crypto (for SSH server implementations)
+[[IgnoredVulns]]
+id = "CVE-2025-22869" # GO-2025-3487
+ignoreUntil = 2025-06-12
+reason = "wireguard-go does not use the affected code"
+
+# Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec. We don't deploy to PowerPC.
+[[IgnoredVulns]]
+id = "CVE-2025-22866" # GO-2025-3447
+ignoreUntil = 2025-06-12
reason = "wireguard-go does not use the affected code"
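Review bot: The `reason` recorded for CVE-2025-22866 at the end of the hunk does not match the justification in its own comment. The comment says the issue is a P-256 timing side channel specific to ppc64le and that PowerPC is not a deployment target, while the reason string claims the affected code is unused. The reason should state what actually holds, e.g. `reason = "only affects ppc64le, which we do not deploy to"`. Separately, all seven existing entries have `ignoreUntil` moved to the same date (2025-06-12) with their reasons unchanged, and an expiry is only useful if each extension comes with a re-check. It would help to note in the file's comments how "does not use the affected code" was confirmed (for instance with a reachability check such as govulncheck), and whether a Go toolchain or module bump might let the standard-library entries be dropped rather than renewed.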