Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Red Hat OpenShift: CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
12/26/2022
Created
08/21/2023
Added
08/21/2023
Modified
11/14/2023

Description

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.

Solution(s)

  • linuxrpm-upgrade-cri-o
  • linuxrpm-upgrade-haproxy
  • linuxrpm-upgrade-kernel-rt
  • linuxrpm-upgrade-openshift

References

  • https://attackerkb.com/topics/cve-2021-38561
  • CVE - 2021-38561
  • RHSA-2022:5070
  • RHSA-2022:5525
  • RHSA-2022:5556
  • RHSA-2022:5908
  • RHSA-2022:5909
  • RHSA-2022:6051
  • RHSA-2022:6263
  • RHSA-2022:6287
  • RHSA-2022:6318
  • RHSA-2022:6346
  • RHSA-2022:6526
  • RHSA-2022:6537
  • RHSA-2022:7399
  • RHSA-2022:7401
  • RHSA-2022:8750
  • RHSA-2023:0245
  • RHSA-2023:0407
  • RHSA-2023:0408
  • RHSA-2023:0566
  • RHSA-2023:0652
  • RHSA-2023:0774
  • RHSA-2023:0890
  • RHSA-2023:0895
  • RHSA-2023:1326
  • RHSA-2023:1328
  • RHSA-2023:1409
  • RHSA-2023:1504
  • RHSA-2023:3542
  • RHSA-2023:4310
View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;