CVE-2020-14040
Description
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF-16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or if the Decoder is passed to golang.org/x/text/transform.String.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.008
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 6.6.6 | Windows |
| Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 7.0.4 | Windows |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update buildah-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update buildah-debugsource-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f.noarch.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update conmon-2.0.20-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f.noarch.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update containernetworking-plugins-debugsource-0.8.6-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update crit-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update criu-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update criu-debugsource-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update crun-0.14.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update crun-debugsource-0.14.1-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update fuse-overlayfs-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update libslirp-debugsource-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update oci-seccomp-bpf-hook-debugsource-1.1.2-3.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update podman-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update podman-debugsource-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update podman-docker-2.0.5-5.module+el8.3.0+8221+97165c3f.noarch.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f.noarch.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update python3-criu-3.14-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update runc-debugsource-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update skopeo-debugsource-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update slirp4netns-debugsource-1.1.4-2.module+el8.3.0+8221+97165c3f.x86_64.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f.noarch.rpm | Linux |
| (RHSA-2020:4694) container-tools:rhel8 security, bug fix, and enhancement update udica-0.2.2-1.module+el8.3.0+8221+97165c3f.noarch.rpm | Linux |
| (RHSA-2020:5054) skopeo security update containers-common-0.1.40-12.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5054) skopeo security update skopeo-0.1.40-12.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5055) buildah security update buildah-1.11.6-12.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5056) podman security and bug fix update podman-1.6.4-26.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5056) podman security and bug fix update podman-docker-1.6.4-26.el7_9.noarch.rpm | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-x-text-dev_0.0~git20170627.0.6353ef0-1ubuntu2.1_all.deb | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-golang-x-text-dev_0.3.2-4ubuntu0.1_all.deb | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-golang-x-text-dev_0.3.7-1ubuntu0.20.04.1_all.deb | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-golang-x-text-dev_0.3.7-1ubuntu0.22.10.1_all.deb | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-golang-x-text-dev_0.0~git20170627.0.6353ef0-1ubuntu2.1_all.deb | Linux |
| Aardvark-dns update (ELSA-2023-6939) aardvark-dns-1.7.0-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Buildah update (ELSA-2023-6939) buildah-1.31.3-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Buildah-tests update (ELSA-2023-6939) buildah-tests-1.31.3-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Cockpit-podman update (ELSA-2023-6939) cockpit-podman-75-1.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| Conmon update (ELSA-2023-6939) conmon-2.1.8-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Container-selinux update (ELSA-2023-6939) container-selinux-2.221.0-1.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| Containernetworking-plugins update (ELSA-2023-6939) containernetworking-plugins-1.3.0-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Containers-common update (ELSA-2023-6939) containers-common-1-54.0.1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Crit update (ELSA-2023-6939) crit-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Criu update (ELSA-2023-6939) criu-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Criu-devel update (ELSA-2023-6939) criu-devel-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Criu-libs update (ELSA-2023-6939) criu-libs-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Crun update (ELSA-2023-6939) crun-1.8.7-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Fuse-overlayfs update (ELSA-2023-6939) fuse-overlayfs-1.12-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Libslirp update (ELSA-2023-6939) libslirp-4.4.0-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Libslirp-devel update (ELSA-2023-6939) libslirp-devel-4.4.0-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Netavark update (ELSA-2023-6939) netavark-1.7.0-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Oci-seccomp-bpf-hook update (ELSA-2023-6939) oci-seccomp-bpf-hook-1.2.9-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman update (ELSA-2023-6939) podman-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-catatonit update (ELSA-2023-6939) podman-catatonit-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-docker update (ELSA-2023-6939) podman-docker-4.6.1-4.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| Podman-gvproxy update (ELSA-2023-6939) podman-gvproxy-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-plugins update (ELSA-2023-6939) podman-plugins-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-remote update (ELSA-2023-6939) podman-remote-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-tests update (ELSA-2023-6939) podman-tests-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Python3-criu update (ELSA-2023-6939) python3-criu-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Python3-podman update (ELSA-2023-6939) python3-podman-4.6.0-1.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| Runc update (ELSA-2023-6939) runc-1.1.9-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Skopeo update (ELSA-2023-6939) skopeo-1.13.3-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Skopeo-tests update (ELSA-2023-6939) skopeo-tests-1.13.3-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Slirp4netns update (ELSA-2023-6939) slirp4netns-1.2.1-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Udica update (ELSA-2023-6939) udica-0.2.6-20.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| (RHSA-2020:5054) Moderate: security update skopeo-debuginfo-0.1.40-12.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5055) Moderate: security update buildah-debuginfo-1.11.6-12.el7_9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234