
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2022 — An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of servi... • https://go.dev/cl/442235 • CWE-407: Inefficient Algorithmic Complexity • CWE-772: Missing Release of Resource after Effective Lifetime

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jul 2022 — golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack. • https://deps.dev/advisory/OSV/GO-2021-0113 • CWE-125: Out-of-bounds Read

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jan 2021 — In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) A flaw was found in golang.org... • https://github.com/golang/go/issues/42536 • CWE-129: Improper Validation of Array Index

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 Jun 2020 — The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. • https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')