Inefficient Algorithmic Complexity

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...

golang.org/x/net/html NULL Pointer Dereference vulnerability

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

NULL Pointer Dereference

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial Of Service DoS. An attacker can crash the application by providing a deeply nested regular expression to reuse function of parse.go...

CVE-2018-17143

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...

CVE-2018-17142

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

CVE-2018-17143

Removed by vendor...

CVE-2018-17142

Removed by vendor...

CVE-2018-17142

CVE-2018-17142: Golang Go html package vulnerability (html.Parse) causing a runtime panic due to invalid memory address. Public records show IBM bulletins listing this CVE within IBM Storage Defender – Data Protect and related IBM products, with remediation involving upgrading to a newer fixed re...