commit 04dc678213d32ee698cc6bdfd65a4a24d3b7780b
author Roland Shoemaker <roland@golang.org> Thu Aug 12 14:32:43 2021 -0700
committer Roland Shoemaker <roland@golang.org> Wed Oct 06 17:51:21 2021 +0000
tree 42c7b4b5321ac2ed0e7fc75ee38c2561b8c649ff
parent 0d8e09b37a505318d6fce22c2e295c4f8bd04dca

reports: add x/text/language report

Change-Id: Ic1c0f64bf7c686d812a0eb5c61a40d5e502a335f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/341909
Vulndb-Deploy: Roland Shoemaker <bracewell@google.com>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Katie Hockman <katie@golang.org>

reports/GO-2021-0113.yaml

diff --git a/reports/GO-2021-0113.yaml b/reports/GO-2021-0113.yaml
new file mode 100644
index 0000000..bce14c8
--- /dev/null
+++ b/reports/GO-2021-0113.yaml
@@ -0,0 +1,16 @@
+module: golang.org/x/text
+package: golang.org/x/text/language
+versions:
+  - fixed: v0.3.7
+description: |
+  Due to improper index calculation, an incorrectly formatted language tag can cause Parse
+  to panic, due to an out of bounds read. If Parse is used to process untrusted user inputs,
+  this may be used as a vector for a denial of service attack.
+cve: CVE-2021-38561
+credit: Guido Vranken
+symbols:
+  - Parse
+published: 2021-10-06T12:00:00Z
+links:
+  commit: https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
+  pr: https://go-review.googlesource.com/c/text/+/340830
\ No newline at end of file