The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
History

Sun, 08 Sep 2024 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.2::el7

Mon, 19 Aug 2024 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.2::el7
cpe:/a:redhat:acm:2.2::el8

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-17T19:22:31

Updated: 2024-08-04T12:32:14.681Z

Reserved: 2020-06-12T00:00:00

Link: CVE-2020-14040

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-06-17T20:15:09.993

Modified: 2024-11-21T05:02:25.223

Link: CVE-2020-14040

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-06-17T00:00:00Z

Links: CVE-2020-14040 - Bugzilla