golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
References
Link | Resource |
---|---|
https://deps.dev/advisory/OSV/GO-2021-0113 | Patch Third Party Advisory |
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f | Mailing List Patch Vendor Advisory |
https://groups.google.com/g/golang-announce | Mailing List Third Party Advisory |
https://pkg.go.dev/golang.org/x/text/language | Product Vendor Advisory |
Configurations
History
05 Jan 2023, 04:52
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://pkg.go.dev/golang.org/x/text/language - Product, Vendor Advisory | |
References | (MISC) https://groups.google.com/g/golang-announce - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://deps.dev/advisory/OSV/GO-2021-0113 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:golang:text:*:*:*:*:*:*:*:* | |
CWE | CWE-125 | |
First Time |
Golang
Golang text |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
26 Dec 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-26 06:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-38561
Mitre link : CVE-2021-38561
CVE.ORG link : CVE-2021-38561
JSON object : View
Products Affected
golang
- text
CWE
CWE-125
Out-of-bounds Read