Skip to content
This repository was archived by the owner on Jul 31, 2025. It is now read-only.
This repository was archived by the owner on Jul 31, 2025. It is now read-only.

Security Vulnerabilities - CVE-2021-33194, CVE-2021-38561, CVE-2022-32149 #1695

Open
Open
Security Vulnerabilities - CVE-2021-33194, CVE-2021-38561, CVE-2022-32149#1695
@vishweshwarp

Description

@vishweshwarp
vishweshwarp
opened on Oct 31, 2023

Hi Team,

Can you please fix the following security vulnerabilities?

CVE-2021-33194: golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
Fix Status: fixed in 0.0.0-20210520170846-37e1c6afe023

CVE-2021-38561: golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
Fix Status: fixed in 0.3.7

CVE-2022-32149: (golang.org/x/text) An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
Fix Status: fixed in 0.3.8

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions