golang.org/x/text/language Out-of-bounds Read vulnerability
Overview
Source
ID
GHSA-ppp9-7jff-5vj2
Aliases
CVE-2021-38561
GO-2021-0113
Affected package
Description
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
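An added example, not part of the advisory or of the golang.org/x/text project: a standard-library-only check that scans go.mod text for a golang.org/x/text requirement below the fixed release 0.3.7. The function names and sample go.mod are constructed for illustration. Pre-release and pseudo-versions of 0.3.7 are assumed affected, and `exclude` entries are not distinguished from requirements.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const modPath = "golang.org/x/text"
var fixed = [3]int{0, 3, 7} // first fixed release, per the advisory

// affected reports whether v sorts before v0.3.7; 0.3.7 pre-releases count as affected.
func affected(v string) (bool, error) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop build metadata
	core, _, hasPre := strings.Cut(v, "-")
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return false, fmt.Errorf("not a semantic version: %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return false, err
		}
		if n != fixed[i] {
			return n < fixed[i], nil
		}
	}
	return hasPre, nil // same major.minor.patch: only a pre-release sorts earlier
}

// vulnerableRequires lists affected golang.org/x/text versions named in go.mod text.
func vulnerableRequires(gomod string) (hits []string) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || f[0] != modPath { // also skips replace lines ("old => new")
			continue
		}
		if bad, err := affected(f[1]); err == nil && bad {
			hits = append(hits, f[1])
		}
	}
	return hits
}

func main() {
	fmt.Println(vulnerableRequires("require (\n\tgolang.org/x/text v0.3.6 // indirect\n)\n")) // constructed input
}
```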
Impact
Severity: 7.5 HIGH
Latest version of the CVSS score reported by the source of the advisory.
Reference links
Summary
Total packages affected: 70.56k
Packages with at least one version that is affected by the advisory or has an affected dependency.
Packages with a known fix: 9.26k
Packages with versions affected by the advisory that have a greater version that is not affected.
Total ecosystem affected: 5.36%
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.3.7