UNKNOWN Go
Non-linear parsing of case-insensitive content in golang.org/x/net/html
GHSA-w32m-9786-jp63 · CVE-2024-45338 · GO-2024-3333
Published · Modified
Description
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-45338
- WEB https://github.com/golang/go/issues/70906
- PACKAGE https://cs.opensource.google/go/x/net
- WEB https://go.dev/cl/637536
- WEB https://go.dev/issue/70906
- WEB https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
- WEB https://pkg.go.dev/vuln/GO-2024-3333
Ready to move
Start Securing
Free, no credit card | First findings in minutes