PT-2021-7944 · Google+4 · Golang.Org/X/Text+4
Published: 2021-10-06 · Updated: 2026-04-01 · CVE-2021-38561
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
golang.org/x/text versions prior to 0.3.7
Description
A denial-of-service issue caused by an out-of-bounds read during BCP 47 language tag parsing. The read results from a mishandled index calculation. If untrusted user input is parsed, a remote attacker can use it to read beyond the limits of a buffer in memory and disrupt the service.
Recommendations
For versions prior to 0.3.7, update to version 0.3.7 or later to resolve the issue. As a temporary workaround, consider avoiding the parsing of untrusted user input with the golang.org/x/text/language component until a patch is applied. Restrict access to the Parse function to minimize the risk of exploitation.
Fix
DoS
Out of bounds Read
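To act on the update recommendation above, the following added example (not part of the advisory or of the golang.org/x/text project) checks whether a go.mod file requires a golang.org/x/text version prior to 0.3.7. The function names `requiredVersion` and `affected` are hypothetical; the check reads `require` lines only and ignores `replace` directives, so `go list -m all` remains the authoritative view of the resolved version.

```go
package main

import (
	"fmt"
	"strings"
)

// modulePath and the first fixed release (0.3.7) are taken from the advisory.
const modulePath = "golang.org/x/text"

var fixed = [3]int{0, 3, 7}

// requiredVersion returns the version go.mod requires for modulePath, handling
// both the single-line and the block form of the require directive.
func requiredVersion(gomod string) (string, bool) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) == 2 && f[0] == modulePath && strings.HasPrefix(f[1], "v") {
			return f[1], true
		}
	}
	return "", false
}

// affected reports whether version sorts before v0.3.7. Pre-release and
// pseudo-versions of 0.3.7 itself ("v0.3.7-0...") sort before it as well.
func affected(version string) (bool, error) {
	core, _, _ := strings.Cut(strings.TrimPrefix(version, "v"), "+")
	core, _, hasPre := strings.Cut(core, "-")
	var n [3]int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &n[0], &n[1], &n[2]); err != nil {
		return false, fmt.Errorf("unexpected version %q: %w", version, err)
	}
	for i := range n {
		if n[i] != fixed[i] {
			return n[i] < fixed[i], nil
		}
	}
	return hasPre, nil
}

func main() {
	// Constructed go.mod line for illustration.
	v, _ := requiredVersion("require golang.org/x/text v0.3.6\n")
	fmt.Println(affected(v))
}
```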
Affected Products
Astra Linux
Debian
Linuxmint
Ubuntu
Golang.Org/X/Text