CVE-2020-14040

Published: 17/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The x/text package prior to 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Vulnerable Product

golang text

fedoraproject fedora 32

Vendor Advisories

Debian Bug report logs - #964271 golang-x-text: CVE-2020-14040. Package: src:golang-x-text; Maintainer for src:golang-x-text is Debian Go packaging team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 4 Jul 2020 19:27:02 UTC; Severity: grave; Tags: security, upstream ...
Synopsis: Moderate: Red Hat Quay v3.4.0 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Quay 3.4.0 is now available with bug fixes and various enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVS ...
Synopsis: Moderate: OpenShift Container Platform 4.4.23 cluster-network-operator-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for cluster-network-operator-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this upd ...
Synopsis: Moderate: buildah security update. Type/Severity: Security Advisory: Moderate. Topic: An update for buildah is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Moderate: go-toolset:rhel8 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Synopsis: Moderate: OpenShift Container Platform 3.11.286 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for logging-kibana5-container and openshift-enterprise-registry-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this ...
Synopsis: Moderate: podman security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVS ...
Synopsis: Moderate: Red Hat OpenShift Jaeger security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Jaeger 1.20. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis: Moderate: OpenShift Container Platform 4.5.11 ose-cluster-svcat-apiserver-operator-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ose-cluster-svcat-apiserver-operator-container is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Sec ...
Synopsis: Moderate: OpenShift Container Platform 4.6.1 package security update. Type/Severity: Security Advisory: Moderate. Topic: An update for jenkins-2-plugins, openshift-clients, podman, runc, and skopeo is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this upd ...
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6 bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for mcg is now available for Red Hat OpenShift Container Storage 4.6.0 on RHEL-8. Red Hat Product Security has rated this update as having a security impact of M ...
Synopsis: Moderate: go-toolset-1.13-golang security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for go-toolset-1.13 and go-toolset-1.13-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate ...
Synopsis: Moderate: skopeo security update. Type/Severity: Security Advisory: Moderate. Topic: An update for skopeo is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Moderate: OpenShift Container Platform 4.5.8 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for cluster-network-operator-container, cluster-version-operator-container, elasticsearch-operator-container, logging-kibana6-container, and ose-cluster-svcat-controller-manager-op ...
Synopsis: Moderate: Release of OpenShift Serverless 1.11.0. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless 1.11.0. Description: Red Hat OpenShift Serverless 1.11.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShif ...
Synopsis: Moderate: container-tools:rhel8 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Mode ...
Synopsis: Moderate: Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for 3scale-istio-adapter-rhel8-container is now available for OpenShift Service Mesh. Red Hat Product Security has rated this update as having a sec ...
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ha ...
Synopsis: Moderate: Red Hat OpenShift Service Mesh security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Moderate: OpenShift Container Platform 4.6.1 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...

Github Repositories

Kotlin and Java serialization schema for OSV

osv4k: Kotlin and Java model for the serialization and deserialization of OSV Schema. This library is inspired by the tool detekt/sarif4k. See the project website for documentation and APIs. Features: Support Kotlin Multiplatform: jvm, js, linuxX64, mingwX64, macosX64; Support KotlinX Serialization; Support Jackson annotations for jvm target. Dependency: The latest release

Tool to perform security check on dependencies embedded in given Go binary

Gobinsec: This tool parses Go binary dependencies and calls NVD database to produce a vulnerability report. Binaries must have been built with module support to be analyzed with Gobinsec.

A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy

Kubernetes Vulnerability Exporter: A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy. Abstract: This project is under development. Vulnerability exporter scans and exports vulnerabilities of images and nodes in a kubernetes cluster. Inspired by kube-trivy-expoter. Image Scan: Image Scan scans for vulnerabilities in container images of workloads deploye