| { |
| "schema_version": "1.3.1", |
| "id": "GO-2021-0113", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "2021-10-06T17:51:21Z", |
| "aliases": [ |
| "CVE-2021-38561", |
| "GHSA-ppp9-7jff-5vj2" |
| ], |
| "summary": "Out-of-bounds read in golang.org/x/text/language", |
| "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.", |
| "affected": [ |
| { |
| "package": { |
| "name": "golang.org/x/text", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.3.7" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "golang.org/x/text/language", |
| "symbols": [ |
| "MatchStrings", |
| "MustParse", |
| "Parse", |
| "ParseAcceptLanguage" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://go.dev/cl/340830" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" |
| } |
| ], |
| "credits": [ |
| { |
| "name": "Guido Vranken" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2021-0113" |
| } |
| } |