GO-2021-0113

Source
https://pkg.go.dev/vuln/GO-2021-0113
Import Source
https://vuln.go.dev/ID/GO-2021-0113.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2021-0113
Aliases
Related
Published
2021-10-06T17:51:21Z
Modified
2024-05-20T16:03:47Z
Summary
Out-of-bounds read in golang.org/x/text/language
Details

Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
References
Credits
    • Guido Vranken

Affected packages

Go / golang.org/x/text

Package

Name
golang.org/x/text
View open source insights on deps.dev
Purl
pkg:golang/golang.org/x/text

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.7

Ecosystem specific

{
    "imports": [
        {
            "path": "golang.org/x/text/language",
            "symbols": [
                "MatchStrings",
                "MustParse",
                "Parse",
                "ParseAcceptLanguage"
            ]
        }
    ]
}