Hello gophers,
Version v0.3.8 of golang.org/x/text fixes a vulnerability in the golang.org/x/text/language package which could cause a denial of service.
An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
This issue was discovered by OSS-Fuzz and reported to us by Adam Korczynski (ADA Logics), and is tracked as CVE-2022-32149 and https://go.dev/issue/56152.
Cheers,
Roland on behalf of the Go team
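
One way to check whether a module still requires a golang.org/x/text release older than the fixed v0.3.8 is sketched below. This is an added example, not code from the announcement or the Go project; the sample go.mod and the helper names `requiredVersion` and `olderThanFix` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const modulePath = "golang.org/x/text"

var fixed = [3]int{0, 3, 8} // v0.3.8, the fixed release named in the announcement

// olderThanFix reports whether version v sorts before v0.3.8.
// A suffix after "-" (pre-release or pseudo-version) sorts before the plain release.
func olderThanFix(v string) (bool, error) {
	var got [3]int
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unexpected version %q: %w", v, err)
	}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] < fixed[i], nil // numeric compare, so v0.14.0 > v0.3.8
		}
	}
	return strings.Contains(v, "-"), nil
}

// requiredVersion returns the version of modulePath required in go.mod text, or "".
// Simplified: it handles single-line and block "require" entries and does not
// resolve replace or exclude directives.
func requiredVersion(gomod string) string {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) >= 2 && f[0] == modulePath && strings.HasPrefix(f[1], "v") {
			return f[1]
		}
	}
	return ""
}

// Constructed sample go.mod, not taken from a real project.
const sampleGoMod = "module example.com/app\n\ngo 1.19\n\nrequire (\n" +
	"\tgolang.org/x/net v0.1.0\n\tgolang.org/x/text v0.3.7 // indirect\n)\n"

func main() {
	v := requiredVersion(sampleGoMod)
	old, err := olderThanFix(v)
	fmt.Printf("%s %s: older than fix=%v err=%v\n", modulePath, v, old, err)
}
```

go.mod records the minimum required version; `go list -m golang.org/x/text` reports the version the build actually selects.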