OpenShift Bugs / OCPBUGS-50565

CVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html


    • Critical
    • None
    • False
    • Cause: Inefficient HTML parsing in golang.org/x/net/html caused excessive processing time for crafted inputs.
      Consequence: An attacker can craft malicious input that the parsing functions process non-linearly, resulting in significant delays that lead to a denial of service by exhausting system resources.
      Fix: Updated to golang.org/x/net v0.33.0 with optimized parsing logic.
      Result: Improved performance and stability when handling HTML content.
    • False

      Security Tracking Issue

      Do not make this issue public.

      Flaw:


      Non-linear parsing of case-insensitive content in golang.org/x/net/html
      https://bugzilla.redhat.com/show_bug.cgi?id=2333122

      An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
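To confirm whether a module still requires a golang.org/x/net release older than the v0.33.0 fix named in this issue, the following added example (not code from this issue or from the golang.org/x/net project) scans go.mod text and compares the required version. The names `XNetStatus` and `sampleGoMod` are hypothetical, and the sample go.mod is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// fixed is the golang.org/x/net release this issue names as the fix (v0.33.0).
var fixed = [3]int{0, 33, 0}

// XNetStatus scans go.mod text for a golang.org/x/net requirement and returns
// the required version and whether it is older than the fixed release.
// Pseudo-versions compare by their numeric prefix; replace directives are
// not interpreted.
func XNetStatus(goMod string) (string, bool, error) {
	for _, line := range strings.Split(goMod, "\n") {
		// Accept both "require golang.org/x/net vX" and entries in a require block.
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || f[0] != "golang.org/x/net" || !strings.HasPrefix(f[1], "v") {
			continue
		}
		var got [3]int
		if _, err := fmt.Sscanf(f[1], "v%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
			return f[1], false, fmt.Errorf("unparsable version %q: %w", f[1], err)
		}
		for i := range got {
			if got[i] != fixed[i] {
				return f[1], got[i] < fixed[i], nil
			}
		}
		return f[1], false, nil // exactly the fixed release
	}
	return "", false, nil // no golang.org/x/net requirement found
}

// sampleGoMod is a constructed go.mod, not taken from any OpenShift component.
const sampleGoMod = `module example.test/app

go 1.22

require (
	github.com/example/lib v1.4.2
	golang.org/x/net v0.31.0 // indirect
)
`

func main() {
	v, affected, err := XNetStatus(sampleGoMod)
	fmt.Printf("golang.org/x/net %s affected=%v err=%v\n", v, affected, err)
}
```

Because replace directives are not interpreted here, `go list -m golang.org/x/net` remains the authoritative check of the version a build actually resolves.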

              amshriva01 Aman Shrivastava
              amshriva01 Aman Shrivastava
              Zhaohua Sun Zhaohua Sun