Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/hb-chen/deps
- https://github.com/hnts/vulnerability-exporter
- https://github.com/intercloud/gobinsec
- https://github.com/saveourtool/osv4k
- https://github.com/yard-turkey/aws-s3-provisioner