Out-of-bounds Read Affecting golang-golang-x-text package, versions <0.3.7-1
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-GOLANGGOLANGXTEXT-2935274
- published 25 Jun 2022
- disclosed 26 Dec 2022
Introduced: 25 Jun 2022
CVE-2021-38561 Open this link in a new tabHow to fix?
Upgrade Debian:unstable
golang-golang-x-text
to version 0.3.7-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream golang-golang-x-text
package and not the golang-golang-x-text
package as distributed by Debian
.
See How to fix?
for Debian:unstable
relevant fixed versions and status.
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.