| # Test for stripped binaries (see #57764). |
| |
| $ govulncheck -mode=binary ${strip_binary} --> FAIL 3 |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Using govulncheck@v0.0.0-00000000000-20000101010101 with |
| vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC). |
| |
| Scanning your binary for known vulnerabilities... |
| Your code is affected by 2 vulnerabilities from 1 module. |
| |
| Vulnerability #1: GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted |
| language tag can cause Parse to panic via an out of bounds read. |
| If Parse is used to process untrusted user inputs, this may be |
| used as a vector for a denial of service attack. |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.0 |
| Fixed in: golang.org/x/text@v0.3.7 |
| |
| Vulnerability #2: GO-2020-0015 |
| An attacker could provide a single byte to a UTF16 decoder |
| instantiated with UseBOM or ExpectBOM to trigger an infinite |
| loop if the String function on the Decoder is called, or the |
| Decoder is passed to transform.String. If used to parse user |
| supplied input, this may be used as a denial of service vector. |
| More info: https://pkg.go.dev/vuln/GO-2020-0015 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.0 |
| Fixed in: golang.org/x/text@v0.3.3 |