x/vulndb: potential Go vuln in golang.org/x/net: CVE-2024-45338 #3333
Assignees
Labels
Comments
|
Public |
|
Change https://go.dev/cl/637537 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Dec 18, 2024
- data/reports/GO-2024-3333.yaml Updates #3333 Change-Id: Id9b61dd02b98b6afe8061b66207f9c4d7680ef39 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/637537 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
|
Change https://go.dev/cl/637959 mentions this issue: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello gophers,
We have tagged version v0.33.0 of golang.org/x/net in order to address a security issue.
x/net/html: non-linear parsing of case-insensitive content
Version v0.33.0 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service.
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.
Thanks to Guido Vranken for reporting this issue.
This is CVE-2024-45338 and Go issue https://go.dev/issue/70906.
Cheers,
Go Security team
https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
The text was updated successfully, but these errors were encountered: