CVE-2026-7482: Unsafe Slice Unvalidated Count After Io Readall
greprules fetch cve-2026-7482-unsafe-slice-unvalidated-count-after-io-readall --engine opengrep
Description
'unsafe.Slice' constructs a typed slice from a byte buffer ($DATA) populated by 'io.ReadAll' using an element count ($COUNT) that is never validated against the actual buffer length. When $COUNT is derived from externally-supplied file-format metadata (e.g., a GGUF tensor shape field), an attacker can craft input so the declared count far exceeds the real da
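A bounded form of the pattern described above, as an added example that is not part of the rule or of any affected project's code. `float32View`, `ErrCountExceedsData`, the float32 element type and the sample payload are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"math"
	"unsafe"
)

// ErrCountExceedsData is a hypothetical sentinel error for this example.
var ErrCountExceedsData = errors.New("declared element count exceeds bytes read")

// Flagged pattern (shown only as a comment, never executed): count comes from
// file metadata and is never compared with len(data), so the typed slice can
// extend past the end of the buffer.
//
//	data, _ := io.ReadAll(r)
//	vals := unsafe.Slice((*float32)(unsafe.Pointer(&data[0])), count)

// float32View reads r fully and returns a []float32 view of the first count
// elements, refusing any count the buffer cannot back.
func float32View(r io.Reader, count uint64) ([]float32, error) {
	data, err := io.ReadAll(r)
	if err != nil {
		return nil, err
	}
	const elem = uint64(unsafe.Sizeof(float32(0)))
	// Divide instead of multiplying so a huge count cannot overflow the check.
	if count > uint64(len(data))/elem {
		return nil, fmt.Errorf("%w: count=%d, bytes=%d", ErrCountExceedsData, count, len(data))
	}
	if count == 0 {
		return nil, nil // also avoids &data[0] on an empty buffer
	}
	return unsafe.Slice((*float32)(unsafe.Pointer(&data[0])), int(count)), nil
}

func main() {
	// Constructed sample: two little-endian float32 values (1.0, 2.0).
	payload := []byte{0, 0, 0x80, 0x3f, 0, 0, 0, 0x40}
	for _, declared := range []uint64{2, 3, math.MaxUint64} {
		vals, err := float32View(bytes.NewReader(payload), declared)
		fmt.Println(declared, vals, err)
	}
}
```

The bound is written as a division because `count * elem` wraps for very large declared counts and would let the comparison pass.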
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided