Your submission was sent successfully! Close

CVE-2020-28852

Published: 2 January 2021

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

Notes

AuthorNote
amurray
google-guest-agent contains a vendored copy of golang-golang-x-text
Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
golang-golang-x-text
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needed

groovy Ignored
(reached end-of-life)
hirsute
Released (0.3.5-1)
impish Not vulnerable
(0.3.5-1)
jammy Not vulnerable
(0.3.5-1)
kinetic Not vulnerable
(0.3.5-1)
precise Does not exist

trusty Does not exist

upstream
Released (0.3.5)
xenial Does not exist

Patches:
upstream: https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6 (v0.3.5)
golang-x-text
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Does not exist

jammy Does not exist

kinetic Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Needed

google-guest-agent
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
groovy Not vulnerable
(code not present)
hirsute Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)