golang.org/x/text/language Out-of-bounds Read vulnerability

Overview

Source
ID: GHSA-ppp9-7jff-5vj2
Aliases: CVE-2021-38561, GO-2021-0113
Affected package

Description

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. An application that parses untrusted user input with this package can therefore be exposed to a denial-of-service attack.
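To check whether a module still requires an affected release, the following added example (not part of the advisory or of the golang.org/x/text project) scans the text of a go.mod file for requirements on golang.org/x/text below 0.3.7. The function names `affected` and `findAffected` and the sample go.mod are constructed for illustration; replace directives are ignored.

```go
package main

import (
	"fmt"
	"strings"
)

const module = "golang.org/x/text" // module path from the advisory
var fixed = [3]int{0, 3, 7}        // first fixed version from the advisory

// affected reports whether v sorts before 0.3.7 (pre-releases and pseudo-versions of 0.3.7 do).
func affected(v string) (bool, error) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop "v" and build metadata
	core, pre, _ := strings.Cut(v, "-")
	var got [3]int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unexpected version %q: %w", v, err)
	}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] < fixed[i], nil
		}
	}
	return pre != "", nil // 0.3.7-<anything> precedes the 0.3.7 release
}

// findAffected returns every required golang.org/x/text version in gomod that is affected.
func findAffected(gomod string) ([]string, error) {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // strip trailing comments such as "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || f[0] != module {
			continue // not a requirement on x/text (replace lines have more fields)
		}
		bad, err := affected(f[1])
		if err != nil {
			return nil, err
		}
		if bad {
			hits = append(hits, f[1])
		}
	}
	return hits, nil
}

func main() {
	fmt.Println(findAffected("module example.com/app\n\nrequire (\n\tgolang.org/x/text v0.3.6 // indirect\n)\n")) // constructed go.mod
}
```

A go.mod entry is a minimum requirement, so the version actually built may be higher; `go list -m golang.org/x/text` reports the version selected for the build.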

Summary

Total packages affected: 70.56k
Packages with at least one version that is affected by the advisory or has an affected dependency.

Packages with a known fix: 9.26k
Packages with versions affected by the advisory that have a greater version that is not affected.

Total ecosystem affected: 5.36%
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).

Affected Version: Introduced: 0, Fixed: 0.3.7
Affected