CVE-2020-28851 — Improper Validation of Array Index in GO

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 66.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 2
Latest update: Feb 16

Description

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD | golang/go | 1.15.4

Vulnerability Details (4)

OSV | golang-golang-x-text, golang-x-text vulnerabilities | 2023-02-16
GHSA | GHSA-739f-9qhv-6594: In x/text in Go 1 | 2022-05-24
CVEList | CVE-2020-28851: In x/text in Go 1 | 2021-01-02
OSV | CVE-2020-28851: In x/text in Go 1 | 2021-01-02

Vendor Advisories (4)

Ubuntu | Go Text vulnerabilities | 2023-02-16
Microsoft | In x/text in Go 1.15.4 an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language he | 2021-01-12
Red Hat | golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension | 2021-01-02
Debian | CVE-2020-28851: golang-golang-x-text - In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAc... | 2020
CVE-2020-28851 — Improper Validation of Array Index | cvebase