GHSA-w32m-9786-jp63

Опубликовано: 18 дек. 2024

Источник: github

Github: Прошло ревью

CVSS4: 8.7

Описание

Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Ссылки

Пакеты

Наименование

golang.org/x/net/html

Затронутые версииВерсия исправления

< 0.33.0

0.33.0

EPSS

Процентиль: 38%

0.00159

Низкий

8.7 High

CVSS4

CVE ID

CVE-2024-45338

Дефекты

CWE-770

Связанные уязвимости

CVE-2024-45338

CVSS3: 5.3

ubuntu

6 месяцев назад

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

CVE-2024-45338

CVSS3: 7.5

redhat

6 месяцев назад

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

CVE-2024-45338

CVSS3: 5.3

nvd

6 месяцев назад

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

CVE-2024-45338

CVSS3: 5.3

msrc

5 месяцев назад

Описание отсутствует

CVE-2024-45338

CVSS3: 5.3

debian

6 месяцев назад

An attacker can craft an input to the Parse functions that would be pr ...

EPSS

Процентиль: 38%

0.00159

Низкий

8.7 High

CVSS4

CVE ID

CVE-2024-45338

Дефекты

CWE-770