github.com/golang/text is vulnerable to denial of service (DoS). The attack is possible because it does not properly handle the single-byte UTF-16 inputs passing to a UTF-16 decoder, causing an infinite loop if the return value from transformer is ErrShortSrc
with atEOF
true.