PT-2021-11584 · X/Text+7 · X/Text+7

Published

2021-01-02

Updated

2024-03-06

CVE-2020-28851

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: x/text versions 1.15.4

Description: An "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. The x/text/language package is supposed to be able to parse an HTTP Accept-Language header.

Recommendations: For version 1.15.4, consider updating to a newer version to mitigate the risk, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the parsing of HTTP Accept-Language headers to minimize the risk of exploitation.

Exploit

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

ALSA-2022:7129

ALSA-2022:7954

AZL-41422

AZL-45033

BIT-GOLANG-2020-28851

CESA-2022_1762

CESA-2022_7129

CVE-2020-28851

RHSA-2022:1276

RHSA-2022:1762

RHSA-2022:7129

RHSA-2022:7954

RHSA-2022_1762

RHSA-2022_7129

RHSA-2022_7954

RLSA-2022:7129

USN-5873-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Ubuntu

X/Text

PT-2021-11584 · X/Text+7 · X/Text+7

CVE-2020-28851

Weakness Enumeration

Related Identifiers

Affected Products

References · 70