Описание
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
Отчет
This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-acmesolver-rhel9 | Not affected | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8 | Will not fix | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8 | Will not fix | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Will not fix | ||
| Fence Agents Remediation Operator | workload-availability/fence-agents-remediation-operator-bundle | Not affected | ||
| Fence Agents Remediation Operator | workload-availability/fence-agents-remediation-rhel8-operator | Affected | ||
| Logical Volume Manager Storage | lvms4/lvms-must-gather-rhel9 | Affected | ||
| Logical Volume Manager Storage | lvms4/lvms-rhel9-operator | Affected | ||
| Migration Toolkit for Applications 7 | mta-discovery-addon-container | Will not fix | ||
| Migration Toolkit for Applications 7 | mta-dotnet-external-provider-container | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Non-linear parsing of case-insensitive content in golang.org/x/net/html
An attacker can craft an input to the Parse functions that would be pr ...
Non-linear parsing of case-insensitive content in golang.org/x/net/html
EPSS
7.5 High
CVSS3