CVE-2020-14040 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-14040 Interim 1 7 2025-02-17T01:26:59Z current 2021-05-30T14:40:53Z 2025-02-17T01:26:59Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-14040 The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 buildah-1.15.1-2.module+el8.3.0+8221+97165c3f buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f conmon-2.0.20-2.module+el8.3.0+8221+97165c3f container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f crit-3.14-2.module+el8.3.0+8221+97165c3f criu-3.14-2.module+el8.3.0+8221+97165c3f crun-0.14.1-2.module+el8.3.0+8221+97165c3f delve-1.3.2-3.module+el8.2.0+5581+896cb53e fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f go-toolset-1.13.15-1.module+el8.2.0+7662+fa98b974 golang-1.13.15-1.module+el8.2.0+7662+fa98b974 golang-bin-1.13.15-1.module+el8.2.0+7662+fa98b974 golang-docs-1.13.15-1.module+el8.2.0+7662+fa98b974 golang-misc-1.13.15-1.module+el8.2.0+7662+fa98b974 golang-race-1.13.15-1.module+el8.2.0+7662+fa98b974 golang-src-1.13.15-1.module+el8.2.0+7662+fa98b974 golang-tests-1.13.15-1.module+el8.2.0+7662+fa98b974 libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f podman-2.0.5-5.module+el8.3.0+8221+97165c3f podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f podman-docker-2.0.5-5.module+el8.3.0+8221+97165c3f podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f python3-criu-3.14-2.module+el8.3.0+8221+97165c3f runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f udica-0.2.2-1.module+el8.3.0+8221+97165c3f buildah-1.15.1-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 conmon-2.0.20-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 crit-3.14-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 criu-3.14-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 crun-0.14.1-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 delve-1.3.2-3.module+el8.2.0+5581+896cb53e as a component of SUSE Liberty Linux 8 fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 go-toolset-1.13.15-1.module+el8.2.0+7662+fa98b974 as a component of SUSE Liberty Linux 8 golang-1.13.15-1.module+el8.2.0+7662+fa98b974 as a component of SUSE Liberty Linux 8 golang-bin-1.13.15-1.module+el8.2.0+7662+fa98b974 as a component of SUSE Liberty Linux 8 golang-docs-1.13.15-1.module+el8.2.0+7662+fa98b974 as a component of SUSE Liberty Linux 8 golang-misc-1.13.15-1.module+el8.2.0+7662+fa98b974 as a component of SUSE Liberty Linux 8 golang-race-1.13.15-1.module+el8.2.0+7662+fa98b974 as a component of SUSE Liberty Linux 8 golang-src-1.13.15-1.module+el8.2.0+7662+fa98b974 as a component of SUSE Liberty Linux 8 golang-tests-1.13.15-1.module+el8.2.0+7662+fa98b974 as a component of SUSE Liberty Linux 8 libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 podman-2.0.5-5.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 podman-docker-2.0.5-5.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 python3-criu-3.14-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 udica-0.2.2-1.module+el8.3.0+8221+97165c3f as a component of SUSE Liberty Linux 8 The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. CVE-2020-14040 SUSE Liberty Linux 8:buildah-1.15.1-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:buildah-tests-1.15.1-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:cockpit-podman-18.1-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:conmon-2.0.20-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:container-selinux-2.144.0-1.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:containernetworking-plugins-0.8.6-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:containers-common-1.1.1-3.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:crit-3.14-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:criu-3.14-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:crun-0.14.1-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:delve-1.3.2-3.module+el8.2.0+5581+896cb53e SUSE Liberty Linux 8:fuse-overlayfs-1.1.2-3.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:go-toolset-1.13.15-1.module+el8.2.0+7662+fa98b974 SUSE Liberty Linux 8:golang-1.13.15-1.module+el8.2.0+7662+fa98b974 SUSE Liberty Linux 8:golang-bin-1.13.15-1.module+el8.2.0+7662+fa98b974 SUSE Liberty Linux 8:golang-docs-1.13.15-1.module+el8.2.0+7662+fa98b974 SUSE Liberty Linux 8:golang-misc-1.13.15-1.module+el8.2.0+7662+fa98b974 SUSE Liberty Linux 8:golang-race-1.13.15-1.module+el8.2.0+7662+fa98b974 SUSE Liberty Linux 8:golang-src-1.13.15-1.module+el8.2.0+7662+fa98b974 SUSE Liberty Linux 8:golang-tests-1.13.15-1.module+el8.2.0+7662+fa98b974 SUSE Liberty Linux 8:libslirp-4.3.1-1.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:libslirp-devel-4.3.1-1.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:oci-seccomp-bpf-hook-1.1.2-3.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:podman-2.0.5-5.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:podman-catatonit-2.0.5-5.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:podman-docker-2.0.5-5.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:podman-remote-2.0.5-5.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:podman-tests-2.0.5-5.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:python3-criu-3.14-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:runc-1.0.0-68.rc92.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:skopeo-1.1.1-3.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:skopeo-tests-1.1.1-3.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:slirp4netns-1.1.4-2.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:toolbox-0.0.8-1.module+el8.3.0+8221+97165c3f SUSE Liberty Linux 8:udica-0.2.2-1.module+el8.3.0+8221+97165c3f important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H