{"id":"GO-2021-0076","summary":"Out-of-bounds write in github.com/evanphx/json-patch","details":"A malicious JSON patch can cause a panic due to an out-of-bounds write attempt. This can be used as a denial of service vector if exposed to arbitrary user input.","aliases":["CVE-2018-14632","GHSA-gxhv-3hwf-wjp9"],"modified":"2026-03-17T04:00:06.394360Z","published":"2021-04-14T20:04:52Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2021-0076"},"references":[{"type":"FIX","url":"https://github.com/evanphx/json-patch/pull/57"},{"type":"FIX","url":"https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03"}],"affected":[{"package":{"name":"github.com/evanphx/json-patch","ecosystem":"Go","purl":"pkg:golang/github.com/evanphx/json-patch"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.5.2"},{"introduced":"3.0.0+incompatible"},{"fixed":"3.0.1-0.20180525145409-4c9aadca8f89+incompatible"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/evanphx/json-patch","symbols":["Patch.Apply","Patch.ApplyIndent","partialArray.add"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0076.json"}}],"schema_version":"1.7.5"}