Описание
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-golang-x-net | fixed | 1:0.47.0-1 | package | |
| golang-golang-x-net | no-dsa | trixie | package | |
| golang-golang-x-net | no-dsa | bookworm | package | |
| golang-golang-x-net | postponed | bullseye | package |
Примечания
https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c
https://github.com/golang/go/issues/70179
Fixed by: https://github.com/golang/net/commit/6ec8895aa5f6594da7356da7d341b98133629009 (v0.45.0)
Связанные уязвимости
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
