| module: golang.org/x/text |
| package: golang.org/x/text/encoding/unicode |
| - module: golang.org/x/text |
| package: golang.org/x/text/transform |
| An attacker could provide a single byte to a [`UTF16`] decoder instantiated with |
| [`UseBOM`] or [`ExpectBOM`] to trigger an infinite loop if the [`String`] function on |
| the [`Decoder`] is called, or the [`Decoder`] is passed to [`transform.String`]. |
| If used to parse user supplied input, this may be used as a denial of service |
| published: 2021-04-14T12:00:00Z |
| last_modified: 2021-06-07T12:00:00Z |
| credit: "@abacabadabacaba and Anton Gyllenberg" |
| pr: https://go-review.googlesource.com/c/text/+/238238 |
| commit: https://github.com/golang/text/commit/23ae387dee1f90d29a23c0e87ee0b46038fbed0e |
| - https://github.com/golang/go/issues/39491 |
| - https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0 |
