Search for packages
| purl | pkg:deb/debian/golang-golang-x-text@0.3.6-1 |
| Next non-vulnerable version | 0.3.8-1~bpo11+1 |
| Latest non-vulnerable version | 0.3.8-1~bpo11+1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-h89x-2eq9-aaar
Aliases: CVE-2021-38561 GHSA-ppp9-7jff-5vj2 |
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack. |
Affected by 1 other vulnerability. |
|
VCID-t1ev-zzxa-aaas
Aliases: CVE-2022-32149 GHSA-69ch-w2m2-3vjp |
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1was-c9fx-aaaj | In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) |
CVE-2020-28851
|
| VCID-j7t1-k8j2-aaam | In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) |
CVE-2020-28852
|
| VCID-q4bv-fa1u-aaaq | The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. |
CVE-2020-14040
GHSA-5rcv-m4m3-hfh7 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T05:44:46.262518+00:00 | Debian Oval Importer | Fixing | VCID-q4bv-fa1u-aaaq | None | 36.1.3 |
| 2025-06-21T03:19:23.958034+00:00 | Debian Oval Importer | Fixing | VCID-1was-c9fx-aaaj | None | 36.1.3 |
| 2025-06-21T02:58:19.040272+00:00 | Debian Oval Importer | Fixing | VCID-j7t1-k8j2-aaam | None | 36.1.3 |
| 2025-06-20T23:44:08.631582+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | None | 36.1.3 |
| 2025-06-20T22:37:40.358234+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T21:59:54.048230+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 36.1.3 |
| 2025-06-20T20:35:21.152355+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-07T23:23:07.745068+00:00 | Debian Oval Importer | Fixing | VCID-q4bv-fa1u-aaaq | None | 36.1.0 |
| 2025-06-07T20:52:25.775113+00:00 | Debian Oval Importer | Fixing | VCID-1was-c9fx-aaaj | None | 36.1.0 |
| 2025-06-07T20:26:18.099529+00:00 | Debian Oval Importer | Fixing | VCID-j7t1-k8j2-aaam | None | 36.1.0 |
| 2025-06-05T14:22:55.998079+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 36.1.0 |
| 2025-04-12T22:31:47.255263+00:00 | Debian Oval Importer | Fixing | VCID-j7t1-k8j2-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:21:39.645179+00:00 | Debian Oval Importer | Fixing | VCID-1was-c9fx-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:49:24.362259+00:00 | Debian Oval Importer | Fixing | VCID-q4bv-fa1u-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-07T21:55:03.452489+00:00 | Debian Oval Importer | Fixing | VCID-q4bv-fa1u-aaaq | None | 36.0.0 |
| 2025-04-07T19:22:59.375975+00:00 | Debian Oval Importer | Fixing | VCID-1was-c9fx-aaaj | None | 36.0.0 |
| 2025-04-07T19:01:13.097037+00:00 | Debian Oval Importer | Fixing | VCID-j7t1-k8j2-aaam | None | 36.0.0 |
| 2025-04-04T02:25:24.989783+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | None | 36.0.0 |
| 2025-04-04T01:16:41.709527+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T00:37:54.378424+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 36.0.0 |
| 2025-04-03T23:21:55.366393+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-02-20T22:11:33.803582+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-20T22:11:30.424547+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | None | 35.1.0 |
| 2025-02-20T05:09:59.401432+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-20T05:09:58.706154+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 35.1.0 |
| 2024-11-23T14:26:17.724302+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-22T23:09:48.630917+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-22T23:09:47.950826+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 35.0.0 |
| 2024-10-10T12:11:10.794519+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-09T21:39:51.664995+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-09T21:39:50.941536+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 34.0.2 |
| 2024-09-19T18:47:15.740575+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-19T05:34:00.471660+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-19T05:33:59.800130+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 34.0.1 |
| 2024-04-25T15:40:53.371951+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-25T15:40:46.089935+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | None | 34.0.0rc4 |
| 2024-04-25T03:59:37.132170+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-25T03:59:35.541907+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 34.0.0rc4 |
| 2024-01-11T18:23:22.949960+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-11T18:23:16.019355+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | None | 34.0.0rc2 |
| 2024-01-11T05:27:56.037134+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-11T05:27:53.067144+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 34.0.0rc2 |
| 2024-01-05T02:23:51.666325+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T02:23:44.040842+00:00 | Debian Importer | Affected by | VCID-t1ev-zzxa-aaas | None | 34.0.0rc1 |
| 2024-01-04T16:47:42.212886+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T16:47:39.827714+00:00 | Debian Importer | Affected by | VCID-h89x-2eq9-aaar | None | 34.0.0rc1 |