data/reports/GO-2021-0113.yaml - vulndb - Git at Google

 id: GO-2021-0113
 modules:
     - module: golang.org/x/text
       versions:
         - fixed: 0.3.7
       vulnerable_at: 0.3.6
       packages:
         - package: golang.org/x/text/language
           symbols:
             - Parse
           derived_symbols:
             - MatchStrings
             - MustParse
             - ParseAcceptLanguage
 summary: Out-of-bounds read in golang.org/x/text/language
 description: |-
     Due to improper index calculation, an incorrectly formatted language tag can
     cause Parse to panic via an out of bounds read. If Parse is used to process
     untrusted user inputs, this may be used as a vector for a denial of service
     attack.
 published: 2021-10-06T17:51:21Z
 cves:
     - CVE-2021-38561
 ghsas:
     - GHSA-ppp9-7jff-5vj2
 credits:
     - Guido Vranken
 references:
     - fix: https://go.dev/cl/340830
     - fix: https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
 review_status: REVIEWED
	id: GO-2021-0113
	modules:
	- module: golang.org/x/text
	versions:
	- fixed: 0.3.7
	vulnerable_at: 0.3.6
	packages:
	- package: golang.org/x/text/language
	symbols:
	- Parse
	derived_symbols:
	- MatchStrings
	- MustParse
	- ParseAcceptLanguage
	summary: Out-of-bounds read in golang.org/x/text/language
	description: \|-
	Due to improper index calculation, an incorrectly formatted language tag can
	cause Parse to panic via an out of bounds read. If Parse is used to process
	untrusted user inputs, this may be used as a vector for a denial of service
	attack.
	published: 2021-10-06T17:51:21Z
	cves:
	- CVE-2021-38561
	ghsas:
	- GHSA-ppp9-7jff-5vj2
	credits:
	- Guido Vranken
	references:
	- fix: https://go.dev/cl/340830
	- fix: https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
	review_status: REVIEWED