High severityNVD Advisory· Published Dec 26, 2022· Updated Apr 14, 2025
CVE-2021-38561
CVE-2021-38561
Description
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
golang.org/x/textGo | < 0.3.7 | 0.3.7 |
Affected products
24- golang.org/x/textdescription
- osv-coords23 versionspkg:apk/chainguard/dex-k8s-authenticatorpkg:apk/chainguard/dynamic-localpv-provisionerpkg:apk/chainguard/dynamic-localpv-provisioner-fipspkg:apk/chainguard/gitleakspkg:apk/chainguard/heypkg:apk/chainguard/k3dpkg:apk/chainguard/k3d-proxypkg:apk/chainguard/k3d-toolspkg:apk/chainguard/prometheus-postgres-exporter-0.10pkg:apk/chainguard/terraform-provider-sendgridpkg:apk/chainguard/terraform-provider-sendgrid-fipspkg:apk/chainguard/vt-clipkg:apk/wolfi/dynamic-localpv-provisionerpkg:apk/wolfi/gitleakspkg:apk/wolfi/heypkg:apk/wolfi/k3dpkg:apk/wolfi/k3d-proxypkg:apk/wolfi/k3d-toolspkg:apk/wolfi/terraform-provider-sendgridpkg:apk/wolfi/vt-clipkg:golang/golang.org/x/textpkg:rpm/opensuse/cni&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/gitleaks&distro=openSUSE%20Tumbleweed
< 0+ 22 more
- (no CPE)range: < 0
- (no CPE)range: < 3.4.1-r3
- (no CPE)range: < 3.5.0-r0
- (no CPE)range: < 8.18.2-r1
- (no CPE)range: < 0.1.4-r3
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 0
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.0.0-r3
- (no CPE)range: < 3.4.1-r3
- (no CPE)range: < 8.18.2-r1
- (no CPE)range: < 0.1.4-r3
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.0.0-r3
- (no CPE)range: < 0.3.7
- (no CPE)range: < 1.1.2-2.1
- (no CPE)range: < 8.18.3-1.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-ppp9-7jff-5vj2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-38561ghsaADVISORY
- deps.dev/advisory/OSV/GO-2021-0113ghsaWEB
- go.dev/cl/340830ghsaWEB
- go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56fghsaWEB
- groups.google.com/g/golang-announceghsaWEB
- pkg.go.dev/golang.org/x/text/languageghsaWEB
- pkg.go.dev/vuln/GO-2021-0113ghsaWEB
News mentions
0No linked articles in our index yet.