blob: 5b935a2615e9a7bdf598c63dbe400b800faf80db [file] [log] [blame]
packages:
- module: golang.org/x/text
package: golang.org/x/text/language
symbols:
- Parse
derived_symbols:
- MatchStrings
- MustParse
- ParseAcceptLanguage
versions:
- fixed: 0.3.7
description: |
Due to improper index calculation, an incorrectly formatted language tag can cause Parse
to panic via an out of bounds read. If Parse is used to process untrusted user inputs,
this may be used as a vector for a denial of service attack.
published: 2021-10-06T17:51:21Z
cves:
- CVE-2021-38561
credit: Guido Vranken
links:
pr: https://go.dev/cl/340830
commit: https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f