1. CVE-Search
  2. CVE-2018-17846
ID CVE-2018-17846
Summary The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.
References
Vulnerable Configurations
  • cpe:2.3:a:golang:net:2018-07-02:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-02:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-07-06:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-06:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-07-09:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-09:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-07-10:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-10:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-07-12:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-07-12:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-09-11:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-09-11:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-09-17:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-09-17:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-09-21:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-09-21:*:*:*:*:*:*:*
  • cpe:2.3:a:golang:net:2018-09-25:*:*:*:*:*:*:*
    cpe:2.3:a:golang:net:2018-09-25:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 02-06-2020 - 20:42)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
fedora
  • FEDORA-2019-07d447a1d3
  • FEDORA-2019-07e8e806e0
misc https://github.com/golang/go/issues/27842
Last major update 02-06-2020 - 20:42
Published 01-10-2018 - 08:29
Last modified 02-06-2020 - 20:42
Back to Top