Hi,
I hope this message finds you well.
As part of a research experiment, we developed a tool that allows us to crawl through existing vulnerabilities in upstream projects, that are potentially not fixed in fork.
We have a suspicion that https://github.com/gomini/go-mips32 ,which shares commits with https://github.com/golang/go is still vulnerable to CVE-2023-39533
The vulnerability has been fixed upstream via this commit
https://archive.softwareheritage.org/browse/revision/2350afd2e8ab054390e284c95d5b089c142db017/
However, we could not find the patch applied.
If possible, we would like to know whether it is indeed vulnerable to the vulnerability we described.
Your insight would be very valuable for our experiment.
Do not hesitate to contact us if you want more information.
Thanks again.
Romain Lefeuvre and Charly Reux.
Hi,
I hope this message finds you well.
As part of a research experiment, we developed a tool that allows us to crawl through existing vulnerabilities in upstream projects, that are potentially not fixed in fork.
We have a suspicion that https://github.com/gomini/go-mips32 ,which shares commits with https://github.com/golang/go is still vulnerable to CVE-2023-39533
The vulnerability has been fixed upstream via this commit
https://archive.softwareheritage.org/browse/revision/2350afd2e8ab054390e284c95d5b089c142db017/
However, we could not find the patch applied.
If possible, we would like to know whether it is indeed vulnerable to the vulnerability we described.
Your insight would be very valuable for our experiment.
Do not hesitate to contact us if you want more information.
Thanks again.
Romain Lefeuvre and Charly Reux.