PT-2021-11585 · X/Text+6

Ph1048 · Published 2021-01-02 · Updated 2023-02-16 · CVE-2020-28852

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: x/text versions prior to 0.3.5; x/text version 1.15.4
Description: A "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. The x/text/language package is the component used to parse an HTTP Accept-Language header.
Recommendations: For versions prior to 0.3.5, update to version 0.3.5 or later. For version 1.15.4, update to a version later than 1.15.4. As a temporary workaround, consider disabling calls to the language.ParseAcceptLanguage function until a patch is applied.
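Until the update is applied, the practical interim control is to make sure that a panic raised while parsing a client-supplied Accept-Language header cannot abort the caller. The Go code below is an added example written for this page; it is not code from golang.org/x/text or from the advisory's author. It assumes a parser function type (AcceptLanguageParser), a wrapper (SafeParseAcceptLanguage) that turns a panic into an error, and a negotiation helper (NegotiateLanguage) that falls back to a default tag. The stand-in fragileParser and its "panic-me" trigger are constructed for the demonstration and are not the real trigger; in production the same wrapper would be handed a closure around language.ParseAcceptLanguage.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// AcceptLanguageParser is the shape of the parser being guarded. This type is
// an assumption of the example; in a real service it would wrap
// language.ParseAcceptLanguage from golang.org/x/text.
type AcceptLanguageParser func(header string) ([]string, error)

// ErrParserPanicked is returned when the wrapped parser panics instead of
// returning normally.
var ErrParserPanicked = errors.New("accept-language parser panicked")

// SafeParseAcceptLanguage runs parse and converts a panic (such as the
// "slice bounds out of range" panic described in the advisory) into an
// error, so one malformed header cannot abort the caller.
func SafeParseAcceptLanguage(parse AcceptLanguageParser, header string) (tags []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			tags = nil
			err = fmt.Errorf("%w: %v", ErrParserPanicked, r)
		}
	}()
	return parse(header)
}

// NegotiateLanguage picks the first parsed tag the service supports and
// falls back to fallback when parsing fails, panics, or yields no match.
func NegotiateLanguage(parse AcceptLanguageParser, header string, supported []string, fallback string) string {
	tags, err := SafeParseAcceptLanguage(parse, header)
	if err != nil {
		// A bad header is a client problem, not a reason to fail the request.
		return fallback
	}
	for _, t := range tags {
		for _, s := range supported {
			if strings.EqualFold(t, s) {
				return s
			}
		}
	}
	return fallback
}

// fragileParser is a constructed stand-in that mimics a parser which panics
// on one crafted input. The "panic-me" trigger is arbitrary and is NOT the
// real x/text trigger; it only exists so the recovery path can be exercised.
func fragileParser(header string) ([]string, error) {
	var tags []string
	for _, part := range strings.Split(header, ",") {
		tag := strings.TrimSpace(strings.SplitN(part, ";", 2)[0])
		if tag == "panic-me" {
			var empty []int
			_ = empty[1:3] // runtime panic: slice bounds out of range
		}
		if tag != "" {
			tags = append(tags, tag)
		}
	}
	return tags, nil
}

func main() {
	supported := []string{"en", "de", "fr"}
	// Constructed sample headers: a normal one, the crafted trigger, and an empty one.
	for _, h := range []string{"de-CH, de;q=0.9, en;q=0.8", "panic-me", ""} {
		fmt.Printf("%q -> %s\n", h, NegotiateLanguage(fragileParser, h, supported, "en"))
	}
}
```

The wrapper does not remove the defect; it only contains it. Once the updated x/text is in place, the recover path stays harmless and can be kept as defence in depth for any other parser fed with untrusted header values.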

Weakness Enumeration

Improper Validation of Array Index

Related Identifiers

ALSA-2022:7129
ALSA-2022:7954
AZL-41455
AZL-44148
CESA-2022_7129
CVE-2020-28852
RHSA-2022:1276
RHSA-2022:7129
RHSA-2022:7954
RHSA-2022_7129
RHSA-2022_7954
RLSA-2022:7129
USN-5873-1

Affected Products

Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Ubuntu
X/Text