CVE-2021-38561

Published: Dec 26, 2022

Modified: Apr 14, 2025

PUBLISHED

Description

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://groups.google.com/g/golang-announce

https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f

https://deps.dev/advisory/OSV/GO-2021-0113

https://pkg.go.dev/golang.org/x/text/language

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-38561

Description

Affected Products

References