Vulnerabilities > CVE-2018-17846 - Infinite Loop vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 | |
OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2019-07D447A1D3.NASL |
description | Bump to commit 16b79f2e4e95ea23b2bf9903c9809ff7b013ce85 Security fixes for CVE-2018-17143, CVE-2018-17142, CVE-2018-17075, CVE-2018-17846, CVE-2018-17847, CVE-2018-17848 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 123033 |
published | 2019-03-25 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/123033 |
title | Fedora 28 : golang-googlecode-net (2019-07d447a1d3) |
code |
|
References
- https://github.com/golang/go/issues/27842
- https://github.com/golang/go/issues/27842
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/