logo

Database

Asymmetric denial of service In golang.org/x/net/html

Description

golang.org/x/net/html NULL Pointer Dereference vulnerability The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-170752. NVD-2018-170753. OSV-2018-170754. GHSA-5p4h-3377-7w675. GCVE-2018-17075

References

1. https://github.com/golang/go/issues/270162. https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb503. https://bugs.chromium.org/p/chromium/issues/detail?id=8296684. https://lists.fedoraproject.org/archives/list/[email protected]/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/5. https://lists.fedoraproject.org/archives/list/[email protected]/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/6. https://go-review.googlesource.com/c/net/+/94838/9/html/parse.go#19067. https://go.dev/cl/1237768. https://go.dev/issue/270169. https://go.googlesource.com/net/+/aaf60122140d3fcf75376d319f0554393160eb5010. https://pkg.go.dev/vuln/GO-2021-007811. https://lists.fedoraproject.org/archives/list/[email protected]/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON12. https://lists.fedoraproject.org/archives/list/[email protected]/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.