1. CVE-Search
  2. CVE-2018-17142
ID CVE-2018-17142
Summary The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
References
Vulnerable Configurations
  • cpe:2.3:a:golang:net:2018-07-02:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-02:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-07-06:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-06:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-07-09:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-09:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-07-10:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-10:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-07-12:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-12:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-09-11:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-09-11:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-09-17:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-09-17:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
fedora
  • FEDORA-2019-07d447a1d3
  • FEDORA-2019-07e8e806e0
misc https://github.com/golang/go/issues/27702
Last major update 24-08-2020 - 17:37
Published 17-09-2018 - 14:29
Last modified 24-08-2020 - 17:37
Back to Top