Infinite loop when decoding some inputs in golang.org/x/text
Overview
Source:
ID: GO-2020-0015
Aliases: CVE-2020-14040, GHSA-5rcv-m4m3-hfh7
Affected package:
Description
An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to transform.String. If used to parse user supplied input, this may be used as a denial of service vector.
Summary
Total packages affected: 36.65k (packages with at least one version that is affected by the advisory or has an affected dependency)
Packages with a known fix: 5.36k (packages with versions affected by the advisory that have a greater version that is not affected)
Total ecosystem affected: 2.78% (the proportion of packages in the ecosystem that are affected by the advisory, fixed or not)
Affected Version: Introduced: 0, Fixed: 0.3.3
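The practical question this advisory raises for a Go project is whether its go.mod still pins golang.org/x/text below the fixed version 0.3.3. The following is an added example, not code from the advisory or from the golang.org/x/text project: it scans go.mod text (a constructed sample is embedded so it runs offline) for the golang.org/x/text requirement and compares it against v0.3.3 under semantic-versioning order, treating pre-release and pseudo-versions of v0.3.3 as earlier than v0.3.3 itself. The module path and fixed version are taken from this page; everything else (function names, the sample go.mod) is assumed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Module path and fixed version as stated in advisory GO-2020-0015.
const (
	affectedModule = "golang.org/x/text"
	fixedVersion   = "v0.3.3"
)

// sampleGoMod is a constructed go.mod used only so this example runs offline.
const sampleGoMod = `module example.com/app

go 1.14

require (
	github.com/example/other v1.2.0
	golang.org/x/text v0.3.2 // indirect
)
`

// semver holds the numeric part of a Go module version plus whether a
// pre-release suffix was present (pseudo-versions such as
// v0.3.3-0.20200605120000-abcdef123456 count as pre-releases).
type semver struct {
	major, minor, patch int
	prerelease          bool
}

// parseSemver parses "vMAJOR.MINOR.PATCH[-prerelease][+build]".
func parseSemver(v string) (semver, error) {
	var sv semver
	v = strings.TrimPrefix(v, "v")
	if i := strings.Index(v, "+"); i >= 0 {
		v = v[:i] // build metadata never affects ordering
	}
	if i := strings.Index(v, "-"); i >= 0 {
		sv.prerelease = true
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return sv, fmt.Errorf("malformed version %q", v)
	}
	nums := make([]int, 3)
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return sv, fmt.Errorf("malformed version %q: %v", v, err)
		}
		nums[i] = n
	}
	sv.major, sv.minor, sv.patch = nums[0], nums[1], nums[2]
	return sv, nil
}

// less reports whether a orders before b; a pre-release of X precedes X.
func (a semver) less(b semver) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	if a.patch != b.patch {
		return a.patch < b.patch
	}
	return a.prerelease && !b.prerelease
}

// requiredVersion finds the version go.mod requires for module, handling
// both "require m v" lines and require ( ... ) blocks; comments are ignored.
func requiredVersion(gomod, module string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	inBlock := false
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "require (":
			inBlock = true
			continue
		case inBlock && line == ")":
			inBlock = false
			continue
		}
		f := strings.Fields(line)
		if inBlock && len(f) == 2 && f[0] == module {
			return f[1], true
		}
		if !inBlock && len(f) == 3 && f[0] == "require" && f[1] == module {
			return f[2], true
		}
	}
	return "", false
}

// IsAffected reports whether go.mod requires golang.org/x/text below v0.3.3.
// found is false when the module is not required at all.
func IsAffected(gomod string) (affected, found bool, err error) {
	v, ok := requiredVersion(gomod, affectedModule)
	if !ok {
		return false, false, nil
	}
	have, err := parseSemver(v)
	if err != nil {
		return false, true, err
	}
	fixed, _ := parseSemver(fixedVersion)
	return have.less(fixed), true, nil
}

func main() {
	affected, found, err := IsAffected(sampleGoMod)
	fmt.Printf("affected=%v found=%v err=%v\n", affected, found, err)
}
```

A go.mod requirement is only a lower bound: minimal version selection may choose a higher golang.org/x/text because another dependency requires it, so this check can report "affected" for a build that actually links v0.3.3 or later. Treat it as a quick triage step and confirm with the selected version from the build list (for example `go list -m golang.org/x/text`) or with govulncheck, which also tells you whether the vulnerable decoder path is reachable.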