4 matches found
CVE-2022-32149
CVE-2022-32149 enables DoS by crafting an Accept-Language header that causes significant parsing delay in Go’s text parsing. Connected advisories show affected packages across multiple distributions with available fixes: Astra Linux notes golang-x-text; CBL-Mariner entries indicate patched versio...
CVE-2020-14040
CVE-2020-14040 affects golang.org/x/text/encoding/unicode and golang.org/x/text/transform in the x/text package for Go, with a vulnerability in encoding/unicode that can cause the UTF-16 decoder to enter an infinite loop, potentially crashing or exhausting memory when a single byte is supplied to...
CVE-2021-38561
CVE-2021-38561 affects golang.org/x/text/language in golang.org/x/text before 0.3.7, with a potential out-of-bounds read during BCP 47 language tag parsing that can cause DoS on untrusted input. Connected advisories confirm this vulnerability also affects several packages (e.g., podman, buildah, ...
CVE-2020-28852
CVE-2020-28852 affects the Go x/text package, specifically a slice bounds out of range panic in language.ParseAcceptLanguage when processing a BCP 47 tag in HTTP Accept-Language headers. Version 0.3.5 of golang.org/x/text (or newer) fixes this; prior versions before v0.3.5 are affected. The issue...