Google Git
Sign in
go / vuln.git / refs/heads/master / . / cmd / govulncheck / testdata / strip / testfiles / binary / strip.ct
blob: f2591493fc25fd891675e9f048e710c93dbb30fe [file] [log] [blame] [edit]
#####
# Test for stripped binaries (see #57764)
$ govulncheck -mode=binary ${strip_vuln_binary} --> FAIL 3
=== Symbol Results ===
Vulnerability #1: GO-2021-0113
Due to improper index calculation, an incorrectly formatted language tag can
cause Parse to panic via an out of bounds read. If Parse is used to process
untrusted user inputs, this may be used as a vector for a denial of service
attack.
More info: https://pkg.go.dev/vuln/GO-2021-0113
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.0
Fixed in: golang.org/x/text@v0.3.7
Vulnerable symbols found:
#1: language.Compose
#2: language.Make
#3: language.MatchStrings
#4: language.MustParse
#5: language.Parse
Use '-show traces' to see the other 7 found symbols
Vulnerability #2: GO-2020-0015
Infinite loop when decoding some inputs in golang.org/x/text
More info: https://pkg.go.dev/vuln/GO-2020-0015
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.0
Fixed in: golang.org/x/text@v0.3.3
Vulnerable symbols found:
#1: transform.String
#2: unicode.bomOverride.Transform
#3: unicode.utf16Decoder.Transform
Your code is affected by 2 vulnerabilities from 1 module.
This scan found no other vulnerabilities in packages you import or modules you
require.
Use '-show verbose' for more details.
# The same as above but with '-show traces'.
$ govulncheck -mode=binary -show traces ${strip_vuln_binary} --> FAIL 3
=== Symbol Results ===
Vulnerability #1: GO-2021-0113
Due to improper index calculation, an incorrectly formatted language tag can
cause Parse to panic via an out of bounds read. If Parse is used to process
untrusted user inputs, this may be used as a vector for a denial of service
attack.
More info: https://pkg.go.dev/vuln/GO-2021-0113
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.0
Fixed in: golang.org/x/text@v0.3.7
Vulnerable symbols found:
#1: golang.org/x/text/language.Compose
#2: golang.org/x/text/language.Make
#3: golang.org/x/text/language.MatchStrings
#4: golang.org/x/text/language.MustParse
#5: golang.org/x/text/language.Parse
#6: golang.org/x/text/language.ParseAcceptLanguage
#7: golang.org/x/text/language.Tag.Base
#8: golang.org/x/text/language.Tag.Extension
#9: golang.org/x/text/language.Tag.IsRoot
#10: golang.org/x/text/language.Tag.Parent
#11: golang.org/x/text/language.Tag.Region
#12: golang.org/x/text/language.Tag.String
Vulnerability #2: GO-2020-0015
Infinite loop when decoding some inputs in golang.org/x/text
More info: https://pkg.go.dev/vuln/GO-2020-0015
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.0
Fixed in: golang.org/x/text@v0.3.3
Vulnerable symbols found:
#1: golang.org/x/text/transform.String
#2: golang.org/x/text/encoding/unicode.bomOverride.Transform
#3: golang.org/x/text/encoding/unicode.utf16Decoder.Transform
Your code is affected by 2 vulnerabilities from 1 module.
This scan found no other vulnerabilities in packages you import or modules you
require.
Use '-show verbose' for more details.