AZL-41469

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41469.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-41469

Upstream

CVE-2021-38561

Published

2022-12-26T06:15:10Z

Modified

2026-04-01T05:14:21.212744Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2021-38561 affecting package cni for versions less than 1.1.2-2

Details

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-38561

Affected packages

Azure Linux:3 / cni

Package

Name: cni
Purl: pkg:rpm/azure-linux/cni

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.2-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41469.json"