1. CVE-Search
  2. CVE-2020-14040
ID CVE-2020-14040
Summary The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
References
Vulnerable Configurations
  • cpe:2.3:a:golang:text:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:golang:text:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:text:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:golang:text:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:text:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:golang:text:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:text:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:golang:text:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:text:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:golang:text:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-11-2020 - 14:44)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1879622
title `podman images --all` fails on images with digest
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • comment Module container-tools:rhel8 is enabled
      oval oval:com.redhat.rhsa:tst:20190975043
    • OR
      • AND
        • comment buildah is earlier than 0:1.15.1-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694001
        • comment buildah is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975002
      • AND
        • comment buildah-debugsource is earlier than 0:1.15.1-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694003
        • comment buildah-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975004
      • AND
        • comment buildah-tests is earlier than 0:1.15.1-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694005
        • comment buildah-tests is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193403006
      • AND
        • comment cockpit-podman is earlier than 0:18.1-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694007
        • comment cockpit-podman is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193403008
      • AND
        • comment conmon is earlier than 2:2.0.20-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694009
        • comment conmon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200348010
      • AND
        • comment container-selinux is earlier than 2:2.144.0-1.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694011
        • comment container-selinux is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975006
      • AND
        • comment containernetworking-plugins is earlier than 0:0.8.6-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694013
        • comment containernetworking-plugins is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975008
      • AND
        • comment containernetworking-plugins-debugsource is earlier than 0:0.8.6-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694015
        • comment containernetworking-plugins-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975010
      • AND
        • comment containers-common is earlier than 1:1.1.1-3.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694017
        • comment containers-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975012
      • AND
        • comment crit is earlier than 0:3.14-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694019
        • comment crit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201650020
      • AND
        • comment criu is earlier than 0:3.14-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694021
        • comment criu is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201650022
      • AND
        • comment criu-debugsource is earlier than 0:3.14-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694023
        • comment criu-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201650024
      • AND
        • comment crun is earlier than 0:0.14.1-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694025
        • comment crun is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204694026
      • AND
        • comment crun-debugsource is earlier than 0:0.14.1-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694027
        • comment crun-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204694028
      • AND
        • comment fuse-overlayfs is earlier than 0:1.1.2-3.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694029
        • comment fuse-overlayfs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975014
      • AND
        • comment fuse-overlayfs-debugsource is earlier than 0:1.1.2-3.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694031
        • comment fuse-overlayfs-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975016
      • AND
        • comment libslirp is earlier than 0:4.3.1-1.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694033
        • comment libslirp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203053030
      • AND
        • comment libslirp-debugsource is earlier than 0:4.3.1-1.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694035
        • comment libslirp-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203053032
      • AND
        • comment libslirp-devel is earlier than 0:4.3.1-1.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694037
        • comment libslirp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20203053034
      • AND
        • comment oci-seccomp-bpf-hook is earlier than 0:1.1.2-3.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694039
        • comment oci-seccomp-bpf-hook is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204694040
      • AND
        • comment oci-seccomp-bpf-hook-debugsource is earlier than 0:1.1.2-3.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694041
        • comment oci-seccomp-bpf-hook-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204694042
      • AND
        • comment podman is earlier than 0:2.0.5-5.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694043
        • comment podman is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975026
      • AND
        • comment podman-catatonit is earlier than 0:2.0.5-5.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694045
        • comment podman-catatonit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204694046
      • AND
        • comment podman-debugsource is earlier than 0:2.0.5-5.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694047
        • comment podman-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975028
      • AND
        • comment podman-docker is earlier than 0:2.0.5-5.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694049
        • comment podman-docker is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975030
      • AND
        • comment podman-remote is earlier than 0:2.0.5-5.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694051
        • comment podman-remote is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193403038
      • AND
        • comment podman-tests is earlier than 0:2.0.5-5.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694053
        • comment podman-tests is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193403040
      • AND
        • comment python-podman-api is earlier than 0:1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694055
        • comment python-podman-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193403042
      • AND
        • comment python3-criu is earlier than 0:3.14-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694057
        • comment python3-criu is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201650042
      • AND
        • comment runc is earlier than 0:1.0.0-68.rc92.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694059
        • comment runc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975032
      • AND
        • comment runc-debugsource is earlier than 0:1.0.0-68.rc92.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694061
        • comment runc-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975034
      • AND
        • comment skopeo is earlier than 1:1.1.1-3.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694063
        • comment skopeo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975036
      • AND
        • comment skopeo-debugsource is earlier than 1:1.1.1-3.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694065
        • comment skopeo-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975038
      • AND
        • comment skopeo-tests is earlier than 1:1.1.1-3.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694067
        • comment skopeo-tests is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193403052
      • AND
        • comment slirp4netns is earlier than 0:1.1.4-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694069
        • comment slirp4netns is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975040
      • AND
        • comment slirp4netns-debugsource is earlier than 0:1.1.4-2.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694071
        • comment slirp4netns-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20190975042
      • AND
        • comment toolbox is earlier than 0:0.0.8-1.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694073
        • comment toolbox is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193403058
      • AND
        • comment udica is earlier than 0:0.2.2-1.module+el8.3.0+8221+97165c3f
          oval oval:com.redhat.rhsa:tst:20204694075
        • comment udica is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200348054
rhsa
id RHSA-2020:4694
released 2020-11-04
severity Moderate
title RHSA-2020:4694: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)
rpms
  • ior-0:1.1.6-1.el8
  • kiali-0:v1.12.10.redhat2-1.el7
  • servicemesh-0:1.1.6-1.el8
  • servicemesh-citadel-0:1.1.6-1.el8
  • servicemesh-cni-0:1.1.6-1.el8
  • servicemesh-galley-0:1.1.6-1.el8
  • servicemesh-grafana-0:6.4.3-13.el8
  • servicemesh-grafana-prometheus-0:6.4.3-13.el8
  • servicemesh-istioctl-0:1.1.6-1.el8
  • servicemesh-mixc-0:1.1.6-1.el8
  • servicemesh-mixs-0:1.1.6-1.el8
  • servicemesh-operator-0:1.1.6-2.el8
  • servicemesh-pilot-agent-0:1.1.6-1.el8
  • servicemesh-pilot-discovery-0:1.1.6-1.el8
  • servicemesh-prometheus-0:2.14.0-14.el8
  • servicemesh-sidecar-injector-0:1.1.6-1.el8
  • delve-0:1.3.2-3.module+el8.2.0+5581+896cb53e
  • delve-debuginfo-0:1.3.2-3.module+el8.2.0+5581+896cb53e
  • delve-debugsource-0:1.3.2-3.module+el8.2.0+5581+896cb53e
  • go-toolset-0:1.13.15-1.module+el8.2.0+7662+fa98b974
  • golang-0:1.13.15-1.module+el8.2.0+7662+fa98b974
  • golang-bin-0:1.13.15-1.module+el8.2.0+7662+fa98b974
  • golang-docs-0:1.13.15-1.module+el8.2.0+7662+fa98b974
  • golang-misc-0:1.13.15-1.module+el8.2.0+7662+fa98b974
  • golang-race-0:1.13.15-1.module+el8.2.0+7662+fa98b974
  • golang-src-0:1.13.15-1.module+el8.2.0+7662+fa98b974
  • golang-tests-0:1.13.15-1.module+el8.2.0+7662+fa98b974
  • go-toolset-1.13-0:1.13.15-1.el7
  • go-toolset-1.13-build-0:1.13.15-1.el7
  • go-toolset-1.13-golang-0:1.13.15-3.el7
  • go-toolset-1.13-golang-bin-0:1.13.15-3.el7
  • go-toolset-1.13-golang-docs-0:1.13.15-3.el7
  • go-toolset-1.13-golang-misc-0:1.13.15-3.el7
  • go-toolset-1.13-golang-race-0:1.13.15-3.el7
  • go-toolset-1.13-golang-src-0:1.13.15-3.el7
  • go-toolset-1.13-golang-tests-0:1.13.15-3.el7
  • go-toolset-1.13-runtime-0:1.13.15-1.el7
  • containers-common-1:1.1.1-2.rhaos4.6.el8
  • jenkins-2-plugins-0:4.6.1601368321-1.el8
  • openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7
  • openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8
  • openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7
  • openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8
  • podman-0:1.9.3-3.rhaos4.6.el8
  • podman-debuginfo-0:1.9.3-3.rhaos4.6.el8
  • podman-debugsource-0:1.9.3-3.rhaos4.6.el8
  • podman-docker-0:1.9.3-3.rhaos4.6.el8
  • podman-remote-0:1.9.3-3.rhaos4.6.el8
  • podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8
  • podman-tests-0:1.9.3-3.rhaos4.6.el8
  • runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7
  • runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8
  • runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7
  • runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8
  • runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8
  • skopeo-1:1.1.1-2.rhaos4.6.el8
  • skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8
  • skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8
  • skopeo-tests-1:1.1.1-2.rhaos4.6.el8
  • buildah-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • buildah-debuginfo-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • buildah-debugsource-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • buildah-tests-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • buildah-tests-debuginfo-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • cockpit-podman-0:18.1-2.module+el8.3.0+8221+97165c3f
  • conmon-2:2.0.20-2.module+el8.3.0+8221+97165c3f
  • container-selinux-2:2.144.0-1.module+el8.3.0+8221+97165c3f
  • containernetworking-plugins-0:0.8.6-2.module+el8.3.0+8221+97165c3f
  • containernetworking-plugins-debuginfo-0:0.8.6-2.module+el8.3.0+8221+97165c3f
  • containernetworking-plugins-debugsource-0:0.8.6-2.module+el8.3.0+8221+97165c3f
  • containers-common-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • crit-0:3.14-2.module+el8.3.0+8221+97165c3f
  • criu-0:3.14-2.module+el8.3.0+8221+97165c3f
  • criu-debuginfo-0:3.14-2.module+el8.3.0+8221+97165c3f
  • criu-debugsource-0:3.14-2.module+el8.3.0+8221+97165c3f
  • crun-0:0.14.1-2.module+el8.3.0+8221+97165c3f
  • crun-debuginfo-0:0.14.1-2.module+el8.3.0+8221+97165c3f
  • crun-debugsource-0:0.14.1-2.module+el8.3.0+8221+97165c3f
  • fuse-overlayfs-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • fuse-overlayfs-debuginfo-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • fuse-overlayfs-debugsource-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • libslirp-0:4.3.1-1.module+el8.3.0+8221+97165c3f
  • libslirp-debuginfo-0:4.3.1-1.module+el8.3.0+8221+97165c3f
  • libslirp-debugsource-0:4.3.1-1.module+el8.3.0+8221+97165c3f
  • libslirp-devel-0:4.3.1-1.module+el8.3.0+8221+97165c3f
  • oci-seccomp-bpf-hook-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • oci-seccomp-bpf-hook-debuginfo-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • oci-seccomp-bpf-hook-debugsource-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • podman-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-catatonit-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-catatonit-debuginfo-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-debuginfo-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-debugsource-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-docker-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-remote-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-remote-debuginfo-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-tests-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • python-podman-api-0:1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f
  • python3-criu-0:3.14-2.module+el8.3.0+8221+97165c3f
  • runc-0:1.0.0-68.rc92.module+el8.3.0+8221+97165c3f
  • runc-debuginfo-0:1.0.0-68.rc92.module+el8.3.0+8221+97165c3f
  • runc-debugsource-0:1.0.0-68.rc92.module+el8.3.0+8221+97165c3f
  • skopeo-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • skopeo-debuginfo-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • skopeo-debugsource-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • skopeo-tests-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • slirp4netns-0:1.1.4-2.module+el8.3.0+8221+97165c3f
  • slirp4netns-debuginfo-0:1.1.4-2.module+el8.3.0+8221+97165c3f
  • slirp4netns-debugsource-0:1.1.4-2.module+el8.3.0+8221+97165c3f
  • toolbox-0:0.0.8-1.module+el8.3.0+8221+97165c3f
  • udica-0:0.2.2-1.module+el8.3.0+8221+97165c3f
  • containers-common-1:0.1.40-12.el7_9
  • skopeo-1:0.1.40-12.el7_9
  • skopeo-debuginfo-1:0.1.40-12.el7_9
  • buildah-0:1.11.6-12.el7_9
  • buildah-debuginfo-0:1.11.6-12.el7_9
  • podman-0:1.6.4-26.el7_9
  • podman-debuginfo-0:1.6.4-26.el7_9
  • podman-docker-0:1.6.4-26.el7_9
  • mcg-0:5.6.0-39.2279a46.5.6.el8
  • tini-0:0.18.0-5.el8
refmap via4
fedora FEDORA-2020-a55f130272
misc https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
Last major update 18-11-2020 - 14:44
Published 17-06-2020 - 20:15
Last modified 18-11-2020 - 14:44
Back to Top