24 matches found
Astra Linux - vulnerability in golang-golang-x-text
An attacker can cause a denial of service by creating an Accept-Language header that requires ParseAcceptLanguage to take significant time to process...
In x/text in Go before v0.3.5 a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
...
In x/text in Go 1.15.4 an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
...
golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...
[SECURITY] Fedora 40 Update: apache-commons-text-1.10.0-6.fc40
The Commons Text library provides additions to the standard JDK's text handling. Our goal is to provide a consistent set of tools for processing text generally from computing distances between Strings to being able to efficiently do String escaping of various types...
AZL-45375 CVE-2021-38561 affecting package containernetworking-plugins for versions less than 1.6.1-4
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
AZL-44622 CVE-2021-38561 affecting package podman for versions less than 5.6.1-2
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
Upgrade Apache Commons-text for CVE-2022-42889
BUG RE-OPENED Jira Service Management 5.4.3 which was supposed to be fixed at 9.4.3 / 5.4.3 is still generating files with common text library of 1.6 version in the /plugins/.osgi-plugins folder. Even after deleting these files, they keep generating them back again in the next restart. Due to...
com.entityassist:entity-assist (>=0.70.0.1 <=1.0.9.14-jre14), com.guicedee.activitymaster:geography-master (=1.1.1.8-jre16) +92 more potentially affected by CVE-2022-42889 via com.guicedee.services:commons-text (>=0.70.0.1 <=1.2.2.1-jre17)
com.guicedee.services:commons-text MAVEN version =0.70.0.1, =0.70.0.1, =1.0.1.6, =1.0.1.6, =1.0.1.6, =1.0.1.6, =1.0.1.6, =1.0.1.6, =1.0.1.6, =1.0.1.6, =1.0.1.6, =1.0.1.6, =1.2.2.1-jre17 and more Source cves: CVE-2022-42889 Source advisory: OSV:GHSA-599F-7C49-W65...
CVE-2022-36844
A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...
SAMSUNG Mobile devices buffer error vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A buffer error vulnerability exists in the SMR Sep-2022 Release 1 version of SAMSUNG Mobile devices, which stems from the GetCorrectDbLanguageTypeEsPK...
SAMSUNG Mobile devices buffer error vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A buffer error vulnerability exists in the SMR Sep-2022 Release 1 version of SAMSUNG Mobile devices, which stems from a heap-based overflow...
SAMSUNG Mobile devices buffer error vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A buffer error vulnerability exists in the SMR Sep-2022 Release 1 version of SAMSUNG Mobile devices, which stems from the HWR::EngJudgeModel::Construc...
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...
AZL-44148 CVE-2020-28852 affecting package buildah for versions less than 1.41.4-2
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...
PT-2021-11584 · X/Text +7 · X/Text +7
Name of the Vulnerable Software and Affected Versions: x/text versions 1.15.4 Description: An "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. The x/text/language package is supposed to be able to parse an HTTP Accept-Language header...
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...