logo

Database

Improper resource allocation - Buffer overflow In golang.org/x/net/html

Description

golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a panic: runtime error (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-178472. NVD-2018-178473. OSV-2018-178474. GHSA-4r78-hx75-jjj25. GCVE-2018-17847

References

1. https://github.com/golang/go/issues/278462. https://lists.fedoraproject.org/archives/list/[email protected]/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/3. https://lists.fedoraproject.org/archives/list/[email protected]/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/4. https://go.dev/cl/1593975. https://go.dev/issue/278466. https://go.googlesource.com/net/+/4b62a64f59f73840b9ab79204c94fee61cd1ba2c7. https://pkg.go.dev/vuln/GO-2022-01978. https://lists.fedoraproject.org/archives/list/[email protected]/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON9. https://lists.fedoraproject.org/archives/list/[email protected]/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.