95 matches found
Design/Logic Flaw
The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...
CVE-2018-17846
CVE-2018-17846: The Go html package (x/net/html) up to 2018-09-25 mishandles certain HTML fragments, causing an infinite loop in html.Parse due to inSelectIM and inSelectInTableIM noncompliance with the spec. Impact described as denial of service (infinite loop) during parsing. Connected sources ...
CVE-2018-17847
The CVE-2018-17847 entry describes a denial of service condition in Go’s html package (x/net/html) triggered by parsing HTML that includes certain SVG/Template constructs. The root cause is an index-out-of-range fault in nodeStack.pop called during html.Parse, which can be exploited by sending a ...
CVE-2018-17848
CVE-2018-17848 affects Go’s html package (x/net/html); the vulnerability is a denial of service via a panic: runtime error (index out of range) in insertionModeStack.pop called from inHeadIM during html.Parse when encountering specific tags like . The initial description notes the parser mishandl...
CVE-2018-17846
The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...
CVE-2018-17847
The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...
CVE-2018-17848
The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in insertionModeStack.pop in node.go, called from inHeadIM, during an html.Parse call...
CVE-2018-17847
Removed by vendor...
CVE-2018-17848
Removed by vendor...
CVE-2018-17846
Removed by vendor...
PT-2018-14220 · Google · X/Net/Html
Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue arises from the html package mishandling certain HTML tags, such as and , leading to a "panic: runtime error" index out of range during an html.Parse call. This...
PT-2018-14219 · Google · Html Package
Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue is related to the html package mishandling certain HTML inputs, such as , leading to a "panic: runtime error" index out of range in nodeStack.pop or...
PT-2018-14218 · Google · Html
Name of the Vulnerable Software and Affected Versions: html package aka x/net/html through 2018-09-25 Description: The issue arises from the mishandling of specific HTML tags, such as , which can cause an infinite loop during an html.Parse call. This occurs because inSelectIM and inSelectInTableI...
CVE-2018-17075
The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...
CVE-2018-17143
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...
CVE-2018-17142
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...
Hardcoded credentials
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...
CVE-2018-17143
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...
Hardcoded credentials
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...
CVE-2018-17143
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...