Description
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
Release | Status | Note |
---|---|---|
bionic | DNE | |
devel | not-affected | 0.3.5-1 |
esm-apps/focal | released | 0.3.2-4ubuntu0.1 |
esm-apps/jammy | not-affected | 0.3.5-1 |
esm-apps/noble | not-affected | 0.3.5-1 |
esm-infra-legacy/trusty | DNE | |
focal | released | 0.3.2-4ubuntu0.1 |
groovy | ignored | end of life |
hirsute | released | 0.3.5-1 |
impish | not-affected | 0.3.5-1 |

Release | Status | Note |
---|---|---|
bionic | released | 0.0~git20170627.0.6353ef0-1ubuntu2.1 |
devel | DNE | |
eoan | ignored | end of life |
esm-apps/bionic | released | 0.0~git20170627.0.6353ef0-1ubuntu2.1 |
esm-apps/focal | ignored | transition package that install golang-golang-x-text |
esm-infra-legacy/trusty | DNE | |
esm-infra/xenial | needed | |
focal | ignored | end of standard support, was ignored [transition package that install golang-golang-x-text] |
groovy | ignored | end of life |
hirsute | ignored | end of life |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
The x/text package before 0.3.3 for Go has a vulnerability in encoding ...
Moderate: container-tools:rhel8 security, bug fix, and enhancement update