Go modules package
golang.org/x/text
pkg:golang/golang.org/x/text
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-38561 | — | < 0.3.7 | 0.3.7 | Dec 26, 2022 | golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack. | ||
| CVE-2022-32149 | — | < 0.3.8 | 0.3.8 | Oct 14, 2022 | An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. | ||
| CVE-2020-14040 | — | < 0.3.3 | 0.3.3 | Jun 17, 2020 | The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM o |
- CVE-2021-38561Dec 26, 2022affected < 0.3.7fixed 0.3.7
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
- CVE-2022-32149Oct 14, 2022affected < 0.3.8fixed 0.3.8
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
- CVE-2020-14040Jun 17, 2020affected < 0.3.3fixed 0.3.3
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM o