CVE-2018-17846 — Infinite Loop in X NET
Severity
7.5HIGHNVD
EPSS
0.7%
top 29.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 1
Latest updateSep 25
Description
The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
Also affects: Fedora 28, 29
🔴Vulnerability Details
5📋Vendor Advisories
1Red Hat▶
golang-org-x-net-html: infinite loop during html.Parse() via inSelectIM and inSelectInTableIM↗2018-10-01
💬Community
7Bugzilla▶
CVE-2018-17846 heketi: golang-org-x-net-html: infinite loop during html.Parse() via inSelectIM and inSelectInTableIM [fedora-all]↗2018-10-15
Bugzilla▶
CVE-2018-17846 heketi: golang-org-x-net-html: infinite loop during html.Parse() via inSelectIM and inSelectInTableIM [epel-6]↗2018-10-15
Bugzilla▶
CVE-2018-17846 kompose: golang-org-x-net-html: infinite loop during html.Parse() via inSelectIM and inSelectInTableIM [fedora-all]↗2018-10-15
Bugzilla▶
CVE-2018-17846 golang-googlecode-net: golang-org-x-net-html: infinite loop during html.Parse() via inSelectIM and inSelectInTableIM [fedora-all]↗2018-10-15
Bugzilla▶
CVE-2018-17846 golang-org-x-net-html: infinite loop during html.Parse() via inSelectIM and inSelectInTableIM↗2018-10-15