CVE-2026-33817: Withdrawn Advisory: go.etcd.io/bbolt affected by index out-of-range vulnerability

April 6, 2026 (updated April 13, 2026)

Withdrawn Advisory

This advisory has been withdrawn because its CVE Numbering Authority has determined this issue to be a false positive. This link is maintained to preserve external references.

Original Description

Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt

References

github.com/advisories/GHSA-6jwv-w5xf-7j27
github.com/etcd-io/bbolt
github.com/etcd-io/bbolt/pull/1171/changes/386d5b69785937d1aa20cb25c8439404cf398143
github.com/golang/vulndb/issues/4923
nvd.nist.gov/vuln/detail/CVE-2026-33817
pkg.go.dev/vuln/GO-2026-4923

Code Behaviors & Features

Detect and mitigate CVE-2026-33817 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →