CVE-2020-28852
Description
In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.107
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Git-lfs update (ELSA-2022-7129) git-lfs-2.13.3-3.el8_6.x86_64.rpm | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-x-text-dev_0.0~git20170627.0.6353ef0-1ubuntu2.1_all.deb | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-golang-x-text-dev_0.3.2-4ubuntu0.1_all.deb | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-golang-x-text-dev_0.3.7-1ubuntu0.20.04.1_all.deb | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-golang-x-text-dev_0.3.7-1ubuntu0.22.10.1_all.deb | Linux |
| Supplementary Go text-related libraries (USN-5873-1) golang-golang-x-text-dev_0.0~git20170627.0.6353ef0-1ubuntu2.1_all.deb | Linux |
| git-lfs security and bug fix update (RLSA-2022:7129) git-lfs-2.13.3-3.el8_6.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234