Investigate vulnerability: Loop with Unreachable Exit Condition (Infinite Loop)

Issue created from vulnerability 60735193

Description:

The x/text package for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Severity: high
Location: tools/protolint/go.sum

Solution:

Upgrade to version 0.3.3 or above.

Identifiers:

Gemnasium-8ab0265a-d1a9-4085-a661-0d9d9931f0ad
CVE-2020-14040

Scanner:

Name: Gemnasium

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Investigate vulnerability: Loop with Unreachable Exit Condition (Infinite Loop)

Description:

Solution:

Identifiers:

Links:

Scanner: