golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
{ "nvd_published_at": "2022-12-26T06:15:00Z", "cwe_ids": [ "CWE-125" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-01-09T20:02:12Z" }