Описание
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.
Отчет
Below Red Hat products include the affected version of 'golang.org/x/text', however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.
- Red Hat OpenShift Container Storage 4
- OpenShift ServiceMesh (OSSM)
- Red Hat Gluster Storage 3
- Windows Container Support for Red Hat OpenShift Only three components in OpenShift Container Platform include the affected package, 'golang.org/x/text/language' , the installer, baremetal installer and thanos container images. All other components that include a version of 'golang.org/x/text' do not include the 'language' package and are therefore not affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2.0 | servicemesh-cni | Will not fix | ||
| Red Hat Ceph Storage 2 | golang | Out of support scope | ||
| Red Hat Ceph Storage 3 | golang | Affected | ||
| Red Hat Developer Tools | go-toolset-1.14-golang | Not affected | ||
| Red Hat Enterprise Linux 7 | buildah | Out of support scope | ||
| Red Hat Enterprise Linux 7 | golang | Out of support scope | ||
| Red Hat Enterprise Linux 7 | podman | Out of support scope | ||
| Red Hat Enterprise Linux 8 | container-tools:1.0/buildah | Will not fix | ||
| Red Hat Enterprise Linux 8 | container-tools:1.0/podman | Out of support scope | ||
| Red Hat Enterprise Linux 8 | container-tools:2.0/buildah | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...
In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
EPSS
7.5 High
CVSS3