RHEL 8 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic implementations of P-521 and P-384 elliptic curves allow for denial of service...

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go: encoding/xml: XML element instability CVE-2020-29511 - The x/text package before 0.3.3 for Go has a...

RHEL 7 : golang.org_x_text (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...

RHEL 8 : golang.org_x_text (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...

Rocky Linux 8 : container-tools:rhel8 (RLSA-2020:4694)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4694 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters...

Oracle Linux 8 : container-tools:ol8 (ELSA-2020-4694)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4694 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes cluster...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go Text vulnerabilities (USN-5873-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5873-1 advisory. It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial...

SUSE CVE-2012-2135

The utf-16 decoder in Python 3.1 through 3.3 does not update the alignedend variable after calling the unicodedecodecallerrorhandler function, which allows remote attackers to obtain sensitive information process memory or cause a denial of service memory corruption and crash via unspecified...

Security Bulletin: A vulnerabilty in encoding/unicode in the UTF-16 decoder has been found in x/text package before v0.3.3 for Go that could lead to an infinite loop and denial of service, affecting IBM Cloud Pak for Applications

Summary A vulnerabilty in encoding/unicode in the UTF-16 decoder has been found in x/text package before v0.3.3 for Go that could lead to an infinite loop and denial of service, affecting IBM Cloud Pak for Applications Vulnerability Details CVEID: CVE-2020-14040 DESCRIPTION: Go Language x/text...

GHSA-5RCV-M4M3-HFH7 golang.org/x/text Infinite loop

Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

golang.org/x/text Infinite loop

Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

Loop with Unreachable Exit Condition ('Infinite Loop')

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

Medium: golang

Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...

Amazon Linux AMI : golang (ALAS-2020-1436)

The version of golang installed on the remote host is prior to 1.13.15-1.59. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1436 advisory. The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder...

Amazon Linux 2 : golang (ALAS-2020-1494)

The version of golang installed on the remote host is prior to 1.13.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1494 advisory. The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder...

Medium: golang

Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...

CVE-2020-14040

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

CVE-2020-14040

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

Design/Logic Flaw

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

CVE-2020-14040

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...