GO-2020-0015

Source

https://pkg.go.dev/vuln/GO-2020-0015

Import Source

https://vuln.go.dev/ID/GO-2020-0015.json

Aliases

Published

2021-04-14T20:04:52Z

Modified

2023-11-08T04:02:25.129560Z

Details

An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to transform.String. If used to parse user supplied input, this may be used as a denial of service vector.

References

Affected packages

Go / golang.org/x/text

Package

Name: golang.org/x/text

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.3.3

Ecosystem specific

{
    "imports": [
        {
            "path": "golang.org/x/text/encoding/unicode",
            "symbols": [
                "bomOverride.Transform",
                "utf16Decoder.Transform"
            ]
        },
        {
            "path": "golang.org/x/text/transform",
            "symbols": [
                "String"
            ]
        }
    ]
}