Search for packages
| purl | pkg:deb/debian/golang-golang-x-text@0.3.2-3 |
| Next non-vulnerable version | 0.3.8-1~bpo11+1 |
| Latest non-vulnerable version | 0.3.8-1~bpo11+1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1was-c9fx-aaaj
Aliases: CVE-2020-28851 |
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) |
Affected by 2 other vulnerabilities. |
|
VCID-j7t1-k8j2-aaam
Aliases: CVE-2020-28852 |
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) |
Affected by 2 other vulnerabilities. |
|
VCID-q4bv-fa1u-aaaq
Aliases: CVE-2020-14040 GHSA-5rcv-m4m3-hfh7 |
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T05:44:46.258200+00:00 | Debian Oval Importer | Affected by | VCID-q4bv-fa1u-aaaq | None | 36.1.3 |
| 2025-06-21T03:19:23.954147+00:00 | Debian Oval Importer | Affected by | VCID-1was-c9fx-aaaj | None | 36.1.3 |
| 2025-06-21T02:58:19.036450+00:00 | Debian Oval Importer | Affected by | VCID-j7t1-k8j2-aaam | None | 36.1.3 |
| 2025-06-07T23:23:07.740045+00:00 | Debian Oval Importer | Affected by | VCID-q4bv-fa1u-aaaq | None | 36.1.0 |
| 2025-06-07T20:52:25.771390+00:00 | Debian Oval Importer | Affected by | VCID-1was-c9fx-aaaj | None | 36.1.0 |
| 2025-06-07T20:26:18.096014+00:00 | Debian Oval Importer | Affected by | VCID-j7t1-k8j2-aaam | None | 36.1.0 |
| 2025-04-12T22:31:47.246146+00:00 | Debian Oval Importer | Affected by | VCID-j7t1-k8j2-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:21:39.635160+00:00 | Debian Oval Importer | Affected by | VCID-1was-c9fx-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:49:24.352411+00:00 | Debian Oval Importer | Affected by | VCID-q4bv-fa1u-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-07T21:55:03.441314+00:00 | Debian Oval Importer | Affected by | VCID-q4bv-fa1u-aaaq | None | 36.0.0 |
| 2025-04-07T19:22:59.365090+00:00 | Debian Oval Importer | Affected by | VCID-1was-c9fx-aaaj | None | 36.0.0 |
| 2025-04-07T19:01:13.085896+00:00 | Debian Oval Importer | Affected by | VCID-j7t1-k8j2-aaam | None | 36.0.0 |