Out-of-bounds read in golang.org/x/text/language

Overview

Source
ID: GO-2021-0113
Aliases: CVE-2021-38561, GHSA-ppp9-7jff-5vj2
Affected package

Description

Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out-of-bounds read. If Parse is used to process untrusted user input, this may be used as a vector for a denial-of-service attack.

Summary

Total packages affected: 70.56k
Packages with at least one version that is affected by the advisory or has an affected dependency.

Packages with a known fix: 9.26k
Packages with versions affected by the advisory that have a greater version that is not affected.

Total ecosystem affected: 5.36%
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.3.7
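As an added example (not part of the advisory or of the golang.org/x/text project), the Go sketch below flags go.mod require entries for golang.org/x/text that fall inside the affected range above. The function names and the sample go.mod are constructed for illustration; it assumes Go 1.18+ for strings.Cut and looks only at declared requirements, not at replace directives or the final build list.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample go.mod, not taken from a real project.
const sampleGoMod = `module example.com/app
require golang.org/x/text v0.3.6 // indirect`

// affected reports whether v sorts before 0.3.7; pre-releases of 0.3.7 count too.
func affected(v string) bool {
	fixed := [3]int{0, 3, 7} // first unaffected release per the advisory
	core, _, hasPre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return true // unparseable: flag for manual review
	}
	for i, p := range parts {
		if n, err := strconv.Atoi(p); err != nil || n != fixed[i] {
			return err != nil || n < fixed[i]
		}
	}
	return hasPre
}

// scanGoMod returns the affected golang.org/x/text versions a go.mod requires.
func scanGoMod(gomod string) (hits []string) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		if inBlock && len(f) == 2 {
			f = append([]string{"require"}, f...) // normalise block entries
		}
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require" && f[1] == "golang.org/x/text" && affected(f[2]):
			hits = append(hits, f[2])
		}
	}
	return hits
}

func main() { fmt.Println(scanGoMod(sampleGoMod)) }
```

The version a build actually selects can be higher than the one a single go.mod declares, so the output of `go list -m all` remains the authoritative check.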
Affected