authorMarkus Pettersson <markus.pettersson@mullvad.net>2025-09-15 09:47:39 +0200
committerMarkus Pettersson <markus.pettersson@mullvad.net>2025-09-16 09:58:29 +0200
commit4ea431fcbb504ebe4c69365b3805a05baba3b803 (patch)
treee434a853b014ce94d1db104f5b554f54e4789f5a
parente53dec928ab31d67c5a59115ed8d75c189aea181 (diff)
Extend ignore of Go CVEs in `libwg`
Instruct `osv-scanner` to ignore a bunch of CVEs that affect Go code in wireguard-go-rs/libwg. All CVEs have been checked to not affect libwg in any way, so they are safe to ignore.
-rw-r--r--wireguard-go-rs/libwg/osv-scanner.toml32
1 files changed, 16 insertions, 16 deletions
diff --git a/wireguard-go-rs/libwg/osv-scanner.toml b/wireguard-go-rs/libwg/osv-scanner.toml
index e735b63a40..fc3ba9e000 100644
--- a/wireguard-go-rs/libwg/osv-scanner.toml
+++ b/wireguard-go-rs/libwg/osv-scanner.toml
@@ -2,95 +2,95 @@
# Stack exhaustion in Decoder.Decode in encoding/gob
[[IgnoredVulns]]
id = "CVE-2024-34156" # GO-2024-3106
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# Stack exhaustion in Parse in go/build/constraint
[[IgnoredVulns]]
id = "CVE-2024-34158" # GO-2024-3107
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# Stack exhaustion in all Parse functions in go/parser
[[IgnoredVulns]]
id = "CVE-2024-34155" # GO-2024-3105
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# Denial of service in HTML Parse function in go/net/html
[[IgnoredVulns]]
id = "CVE-2024-45338" # GO-2024-3333
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# Denial of service in HTML Parse function in go/net/html
[[IgnoredVulns]]
id = "GHSA-w32m-9786-jp63" # GO-2024-3333
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# Sensitive headers incorrectly sent after cross-domain redirect in net/http
[[IgnoredVulns]]
id = "CVE-2024-45336" # GO-2025-3420
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
[[IgnoredVulns]]
id = "CVE-2024-45341" # GO-2025-3373
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# Denial of service in golang.org/x/crypto (for SSH server implementations)
[[IgnoredVulns]]
id = "CVE-2025-22869" # GO-2025-3487
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec. We don't deploy to PowerPC.
[[IgnoredVulns]]
id = "CVE-2025-22866" # GO-2025-3447
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use the affected code"
# HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
[[IgnoredVulns]]
id = "CVE-2025-22870" # GO-2025-3503
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use x/net/proxy nor x/net/http/httpproxy"
# Request smuggling due to acceptance of invalid chunked data in net/http
[[IgnoredVulns]]
id = "CVE-2025-22871" # GO-2025-3563
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use net/http"
# Incorrect Neutralization of Input During Web Page Generation in x/net
[[IgnoredVulns]]
id = "CVE-2025-22872" # GO-2025-3595
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use x/net/html"
# Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
[[IgnoredVulns]]
id = "CVE-2025-0913" # GO-2025-3750
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use OpenFile on Windows"
# Sensitive headers not cleared on cross-origin redirect in net/http
[[IgnoredVulns]]
id = "CVE-2025-4673" # GO-2025-3751
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use Proxy-Authorization or Proxy-Authenticate headers"
# Usage of ExtKeyUsageAny disables policy validation in crypto/x509
[[IgnoredVulns]]
id = "CVE-2025-22874" # GO-2025-3749
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use crypto/x509"
# Incorrect results returned from Rows.Scan in database/sql
[[IgnoredVulns]]
id = "CVE-2025-47907" # GO-2025-3849
-ignoreUntil = 2025-09-12
+ignoreUntil = 2026-09-12
reason = "wireguard-go does not use database/sql"
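Review bot: The `reason` for CVE-2025-22866 still says "wireguard-go does not use the affected code", but the comment above it gives a different justification (no PowerPC deployment). The recorded reason should match, for example `reason = "only affects ppc64le, which is not a deployment target"`. The first nine entries share that same generic reason without naming the package that was checked, whereas the later ones (`net/http`, `crypto/x509`, `database/sql`) do, so an auditor cannot tell what was verified for the earlier ones. All sixteen `ignoreUntil` dates move a full year to 2026-09-12 in one step, so if a later libwg dependency or toolchain change makes one of these code paths reachable, the scanner stays silent until then. Consider a shorter window, or add a comment on how reachability was checked (a call-graph tool such as `govulncheck`, if that is what was used) so the next extension can repeat the check.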