Denial Of Service (DoS)

2021-01-1108:48:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

github.com/golang/text is vulnerable to denial of service. The vulnerability exist as the function resizeRange was indexed in an insecure way which would cause an application crash.

CPENameOperatorVersion
github.com/golang/textlev0.3.4
buildaheq1.15.0__1.module_el8.3.0+432+2e9cbcd8
buildaheq1.5__3.gite94b4f9.module_el8.0.0+57+bb81156c
buildaheq1.22.3__2.module_el8.6.0+926+8bef8ae7
buildaheq1.19.7__1.el8
buildaheq1.21.4__2.module_el8.5.0+870+f792de72
buildaheq1.5__4.gite94b4f9.module_el8.2.0+303+1105185b
buildaheq1.11.6__6.rhaos4.3.el8
buildaheq1.22.3__2.module_el8.5.0+911+f19012f9
buildaheq1.23.1__2.module_el8.6.0+954+963caf36

Name	Operator	Version
github.com/golang/text	le	v0.3.4
buildah	eq	1.15.0__1.module_el8.3.0+432+2e9cbcd8
buildah	eq	1.5__3.gite94b4f9.module_el8.0.0+57+bb81156c
buildah	eq	1.22.3__2.module_el8.6.0+926+8bef8ae7
buildah	eq	1.19.7__1.el8
buildah	eq	1.21.4__2.module_el8.5.0+870+f792de72
buildah	eq	1.5__4.gite94b4f9.module_el8.2.0+303+1105185b
buildah	eq	1.11.6__6.rhaos4.3.el8
buildah	eq	1.22.3__2.module_el8.5.0+911+f19012f9
buildah	eq	1.23.1__2.module_el8.6.0+954+963caf36