| ##### |
| # Test for stripped binaries (see #57764) |
| $ govulncheck -mode=binary ${strip_vuln_binary} --> FAIL 3 |
| === Symbol Results === |
| |
| Vulnerability #1: GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted language tag can |
| cause Parse to panic via an out of bounds read. If Parse is used to process |
| untrusted user inputs, this may be used as a vector for a denial of service |
| attack. |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.0 |
| Fixed in: golang.org/x/text@v0.3.7 |
| Example traces found: |
| #1: language.MatchStrings |
| #2: language.MustParse |
| #3: language.Parse |
| #4: language.ParseAcceptLanguage |
| |
| Vulnerability #2: GO-2020-0015 |
| Infinite loop when decoding some inputs in golang.org/x/text |
| More info: https://pkg.go.dev/vuln/GO-2020-0015 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.0 |
| Fixed in: golang.org/x/text@v0.3.3 |
| Example traces found: |
| #1: transform.String |
| #2: unicode.bomOverride.Transform |
| #3: unicode.utf16Decoder.Transform |
| |
| Your code is affected by 2 vulnerabilities from 1 module. |
| This scan found no other vulnerabilities in packages you import or modules you |
| require. |
| Use '-show verbose' for more details. |
