Search CVE reports
11 – 17 of 17 results
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
3 affected packages
golang-golang-x-net-dev, google-guest-agent, golang-golang-x-net
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net | Needs evaluation | Needs evaluation | Not in release | Not in release |
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM,...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.net-dev | — | — | — | Not in release |
| golang-golang-x-net-dev | — | — | — | Not affected |
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.net-dev | — | — | — | Not in release |
| golang-golang-x-net-dev | — | — | — | Not affected |
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.net-dev | Not in release | Not in release | Not in release | Not in release |
| golang-golang-x-net-dev | Not in release | Not in release | Vulnerable | Vulnerable |
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
1 affected package
golang-golang-x-net-dev
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-golang-x-net-dev | — | — | — | Not affected |
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
1 affected package
golang-golang-x-net-dev
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-golang-x-net-dev | — | — | — | Not affected |
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.net-dev | — | — | — | Not in release |
| golang-golang-x-net-dev | — | — | — | Not affected |