Description
Non-linear parsing of case-insensitive content in golang.org/x/net/html
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 13 | | | 1:0.27.0-2 |
debian 11 | | =1:0.0+git20210119.5f4716e+dfsg-4 || =1:0.0+git20210805.aaa1db6+dfsg-1 || =1:0.0+git20211209.491a49a+dfsg-1 || =1:0.0+git20211209.491a49a+dfsg-1~bpo11+1 || =1:0.0+git20220225.27dd868+dfsg-1 || =1:0.0+git20220531.c960675+dfsg-1 || =1:0.0+git20220624.1bab6f3+dfsg-1 || =1:0.0+git20220728.c7608f3+dfsg-1 || =1:0.0+git20220728.c7608f3+dfsg-2 || =1:0.0+git20220728.c7608f3+dfsg-2~bpo11+1 || =1:0.0+git20221012.0b7e1fb+dfsg-1 || =1:0.0+git20221012.0b7e1fb+dfsg-1~bpo11+1 || =1:0.1.0+dfsg-1 || =1:0.10.0-1 || =1:0.11.0-1 || =1:0.14.0-1 || =1:0.15.0-1 || =1:0.15.0-2 || =1:0.17.0+dfsg-1 || =1:0.19.0+dfsg-1 || =1:0.20.0+dfsg-1 || =1:0.21.0+dfsg-1 || =1:0.22.0+dfsg-1 || =1:0.23.0+dfsg-1 || =1:0.24.0+dfsg-1 || =1:0.25.0+dfsg-1 || =1:0.26.0+dfsg-1 || =1:0.26.0+dfsg-2 || =1:0.27.0-1 || =1:0.27.0-2 || =1:0.4.0+dfsg-1 || =1:0.47.0-1 || =1:0.47.0-2 || =1:0.53.0-1 || =1:0.53.0-2 || =1:0.7.0+dfsg-1 | - |
debian 12 | | =1:0.10.0-1 || =1:0.11.0-1 || =1:0.14.0-1 || =1:0.15.0-1 || =1:0.15.0-2 || =1:0.17.0+dfsg-1 || =1:0.19.0+dfsg-1 || =1:0.20.0+dfsg-1 || =1:0.21.0+dfsg-1 || =1:0.22.0+dfsg-1 || =1:0.23.0+dfsg-1 || =1:0.24.0+dfsg-1 || =1:0.25.0+dfsg-1 || =1:0.26.0+dfsg-1 || =1:0.26.0+dfsg-2 || =1:0.27.0-1 || =1:0.27.0-2 || =1:0.47.0-1 || =1:0.47.0-2 || =1:0.53.0-1 || =1:0.53.0-2 || =1:0.7.0+dfsg-1 | - |
debian 14 | | | 1:0.27.0-2 |
 go | | | 0.33.0 |
go | | | 0.33.0 |
