Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-8089-2
Vulnerability from osv_ubuntu
USN-8089-1 fixed vulnerabilities in Go Networking. This update provides the corresponding update to code vendored in golang-golang-x-net-dev.
Original advisory details:
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-27664)
Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted stream could cause excessive CPU usage in Go Networking's HPACK decoder. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-41723)
Mohammad Thoriq Aziz discovered that Go Networking did not properly sanitize some text nodes. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978)
Sean Ng discovered an error in Go Networking's HTML tag handling. An attacker could possibly use this to cause a denial of service. (CVE-2025-22872)
Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML document could exhaust system resources on servers using Go Networking. An attacker could possibly use this to cause a denial of service. (CVE-2025-47911)
Guido Vranken discovered that a maliciously crafted HTML document could put servers using Go Networking into an infinite loop. An attacker could possibly use this to cause a denial of service. (CVE-2025-58190)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-27664",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-41723",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-3978",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-22872",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-47911",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-58190",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-27664",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-41723",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-3978",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-22872",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-47911",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-58190",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-33194",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-27664",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-41723",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-3978",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-22872",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-47911",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-58190",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "USN-8089-1 fixed vulnerabilities in Go Networking. This update provides\nthe corresponding update to code vendored in golang-golang-x-net-dev.\n\nOriginal advisory details:\n\n Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and\n Kaan Onarlioglu discovered that servers using Go Networking could hang\n during shutdown if preempted by a fatal error. An attacker could possibly\n use this to cause a denial of service. This issue only affected Ubuntu\n 22.04 LTS. (CVE-2022-27664)\n\n Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted\n stream could cause excessive CPU usage in Go Networking\u0027s HPACK decoder. An\n attacker could possibly use this to cause a denial of service. This issue\n only affected Ubuntu 22.04 LTS. (CVE-2022-41723)\n\n Mohammad Thoriq Aziz discovered that Go Networking did not properly\n sanitize some text nodes. An attacker could possibly use this to execute\n arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978)\n\n Sean Ng discovered an error in Go Networking\u0027s HTML tag handling. An\n attacker could possibly use this to cause a denial of service.\n (CVE-2025-22872)\n\n Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML\n document could exhaust system resources on servers using Go Networking. An\n attacker could possibly use this to cause a denial of service.\n (CVE-2025-47911)\n\n Guido Vranken discovered that a maliciously crafted HTML document could put\n servers using Go Networking into an infinite loop. An attacker could\n possibly use this to cause a denial of service. (CVE-2025-58190)",
"id": "USN-8089-2",
"modified": "2026-06-25T10:47:32Z",
"published": "2026-03-31T17:13:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-33194"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-27664"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-41723"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-3978"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-22872"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-47911"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-58190"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "golang-golang-x-net-dev vulnerabilities",
"upstream": [
"UBUNTU-CVE-2021-33194",
"UBUNTU-CVE-2022-27664",
"UBUNTU-CVE-2022-41723",
"UBUNTU-CVE-2023-3978",
"UBUNTU-CVE-2025-22872",
"UBUNTU-CVE-2025-47911",
"UBUNTU-CVE-2025-58190"
]
}
ubuntu-cve-2021-33194
Vulnerability from osv_ubuntu
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3-0ubuntu1~18.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.",
"id": "UBUNTU-CVE-2021-33194",
"modified": "2026-04-08T12:25:00Z",
"published": "2021-05-26T15:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-33194"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-3"
}
],
"related": [
"USN-8089-2",
"USN-8089-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-33194"
]
}
ubuntu-cve-2022-27664
Vulnerability from osv_ubuntu
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "juju",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
},
{
"binary_name": "juju-2.0",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "juju-core",
"purl": "pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-0ubuntu0.16.04.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.24.6-0ubuntu3",
"1.25.0-0ubuntu1",
"1.25.0-0ubuntu2",
"1.25.0-0ubuntu3",
"2.0~beta4-0ubuntu2",
"2.0~beta6-0ubuntu1.16.04.1",
"2.0~beta7-0ubuntu1.16.04.1",
"2.0~beta12-0ubuntu1.16.04.1",
"2.0~beta15-0ubuntu2.16.04.1",
"2.0.0-0ubuntu0.16.04.2",
"2.0.2-0ubuntu0.16.04.1",
"2.0.2-0ubuntu0.16.04.2",
"2.3.1-0ubuntu0.16.04.1",
"2.3.2-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.11-0ubuntu1~16.04.4+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.20-0ubuntu4",
"0.21-0ubuntu3",
"0.21-0ubuntu5",
"0.22-0ubuntu1",
"0.22-0ubuntu2",
"0.23-0ubuntu1",
"0.23-0ubuntu2",
"0.23-0ubuntu3",
"0.24-0ubuntu2",
"0.24-0ubuntu3",
"0.24-0ubuntu4",
"0.25-0ubuntu1",
"0.26-0ubuntu2",
"0.26-0ubuntu3",
"0.27-0ubuntu1",
"0.27-0ubuntu2",
"2.0.0~beta1-0ubuntu3",
"2.0.0~beta1-0ubuntu4",
"2.0.0~beta2-0ubuntu1",
"2.0.0~beta2-0ubuntu2",
"2.0.0~beta3-0ubuntu1",
"2.0.0~beta3-0ubuntu2",
"2.0.0~beta3-0ubuntu3",
"2.0.0~beta3-0ubuntu4",
"2.0.0~beta4-0ubuntu1",
"2.0.0~beta4-0ubuntu2",
"2.0.0~beta4-0ubuntu3",
"2.0.0~beta4-0ubuntu4",
"2.0.0~beta4-0ubuntu5",
"2.0.0~beta4-0ubuntu6",
"2.0.0~beta4-0ubuntu7",
"2.0.0~rc1-0ubuntu1",
"2.0.0~rc1-0ubuntu2",
"2.0.0~rc1-0ubuntu3",
"2.0.0~rc2-0ubuntu2",
"2.0.0~rc2-0ubuntu3",
"2.0.0~rc3-0ubuntu1",
"2.0.0~rc3-0ubuntu2",
"2.0.0~rc3-0ubuntu3",
"2.0.0~rc3-0ubuntu4",
"2.0.0~rc4-0ubuntu1",
"2.0.0~rc5-0ubuntu1",
"2.0.0~rc6-0ubuntu1",
"2.0.0~rc6-0ubuntu2",
"2.0.0~rc7-0ubuntu1",
"2.0.0~rc7-0ubuntu2",
"2.0.0~rc8-0ubuntu1",
"2.0.0~rc8-0ubuntu2",
"2.0.0~rc8-0ubuntu3",
"2.0.0~rc8-0ubuntu5",
"2.0.0~rc8-0ubuntu6",
"2.0.0~rc8-0ubuntu7",
"2.0.0~rc9-0ubuntu2",
"2.0.0~rc9-0ubuntu3",
"2.0.0~rc9-0ubuntu4",
"2.0.0~rc9-0ubuntu5",
"2.0.0-0ubuntu1",
"2.0.0-0ubuntu2",
"2.0.0-0ubuntu3",
"2.0.0-0ubuntu4",
"2.0.1-0ubuntu1~16.04.1",
"2.0.2-0ubuntu1~16.04.1",
"2.0.3-0ubuntu1~ubuntu16.04.2",
"2.0.4-0ubuntu1~ubuntu16.04.1",
"2.0.5-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.2",
"2.0.9-0ubuntu1~16.04.1",
"2.0.9-0ubuntu1~16.04.2",
"2.0.10-0ubuntu1~16.04.1",
"2.0.10-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.4",
"2.0.11-0ubuntu1~16.04.4+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.8-1ubuntu1~16.04.3+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20240716.00-0ubuntu1~16.04.0+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20240716.00-0ubuntu1~16.04.0+esm3?arch=source\u0026distro=esm-apps-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20201217.02-0ubuntu1~16.04.0",
"20230426.00-0ubuntu2~16.04.3",
"20231004.02-0ubuntu1~16.04.1",
"20231004.02-0ubuntu1~16.04.2",
"20240716.00-0ubuntu1~16.04.0",
"20240716.00-0ubuntu1~16.04.0+esm1",
"20240716.00-0ubuntu1~16.04.0+esm2",
"20240716.00-0ubuntu1~16.04.0+esm3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3-0ubuntu1~18.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.8-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.2-0ubuntu1~18.04.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20241011.01-0ubuntu1~18.04.0+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20241011.01-0ubuntu1~18.04.0+esm3?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20201217.02-0ubuntu1~18.04.0",
"20210414.00-0ubuntu1~18.04.0",
"20210629.00-0ubuntu1~18.04.1",
"20220622.00-0ubuntu2~18.04.0",
"20220622.00-0ubuntu2~18.04.1",
"20230426.00-0ubuntu2~18.04.0",
"20231004.02-0ubuntu1~18.04.2",
"20231004.02-0ubuntu1~18.04.3",
"20240716.00-0ubuntu1~18.04.0",
"20241011.01-0ubuntu1~18.04.0",
"20241011.01-0ubuntu1~18.04.0+esm1",
"20241011.01-0ubuntu1~18.04.0+esm2",
"20241011.01-0ubuntu1~18.04.0+esm3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.8-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.2-0ubuntu1~20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20231004.02-0ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20231004.02-0ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231004.02-0ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20201217.02-0ubuntu1~20.04.0",
"20210414.00-0ubuntu1~20.04.0",
"20210629.00-0ubuntu1~20.04.0",
"20220622.00-0ubuntu2~20.04.0",
"20220622.00-0ubuntu2~20.04.2",
"20230426.00-0ubuntu2~20.04.0",
"20231004.02-0ubuntu1~20.04.1",
"20231004.02-0ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm1"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.9.2~20.04.2ubuntu0.1+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.2~20.04.2ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8~22.04",
"0.9.2~20.04",
"0.9.2~20.04.1",
"0.9.2~20.04.2",
"0.9.2~20.04.2ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.8-1ubuntu2.22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2",
"1.17.13-3ubuntu1.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20231004.02-0ubuntu1~22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20231004.02-0ubuntu1~22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231004.02-0ubuntu1~22.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20210629.00-0ubuntu1",
"20210629.00-0ubuntu2",
"20220104.00-0ubuntu1",
"20220104.00-0ubuntu2",
"20220622.00-0ubuntu2~22.04.0",
"20220622.00-0ubuntu2~22.04.1",
"20230426.00-0ubuntu2~22.04.0",
"20231004.02-0ubuntu1~22.04.1",
"20231004.02-0ubuntu1~22.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20210119.5f4716e+dfsg-4",
"1:0.0+git20210805.aaa1db6+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"id": "UBUNTU-CVE-2022-27664",
"modified": "2026-06-22T22:04:32Z",
"published": "2022-09-06T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-27664"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/issues/54658"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6038-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6038-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-3"
}
],
"related": [
"USN-6038-1",
"USN-6038-2",
"USN-8089-1",
"USN-8089-2",
"USN-8089-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-27664"
]
}
ubuntu-cve-2022-41723
Vulnerability from osv_ubuntu
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "juju",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
},
{
"binary_name": "juju-2.0",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "juju-core",
"purl": "pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-0ubuntu0.16.04.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.24.6-0ubuntu3",
"1.25.0-0ubuntu1",
"1.25.0-0ubuntu2",
"1.25.0-0ubuntu3",
"2.0~beta4-0ubuntu2",
"2.0~beta6-0ubuntu1.16.04.1",
"2.0~beta7-0ubuntu1.16.04.1",
"2.0~beta12-0ubuntu1.16.04.1",
"2.0~beta15-0ubuntu2.16.04.1",
"2.0.0-0ubuntu0.16.04.2",
"2.0.2-0ubuntu0.16.04.1",
"2.0.2-0ubuntu0.16.04.2",
"2.3.1-0ubuntu0.16.04.1",
"2.3.2-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.11-0ubuntu1~16.04.4+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.20-0ubuntu4",
"0.21-0ubuntu3",
"0.21-0ubuntu5",
"0.22-0ubuntu1",
"0.22-0ubuntu2",
"0.23-0ubuntu1",
"0.23-0ubuntu2",
"0.23-0ubuntu3",
"0.24-0ubuntu2",
"0.24-0ubuntu3",
"0.24-0ubuntu4",
"0.25-0ubuntu1",
"0.26-0ubuntu2",
"0.26-0ubuntu3",
"0.27-0ubuntu1",
"0.27-0ubuntu2",
"2.0.0~beta1-0ubuntu3",
"2.0.0~beta1-0ubuntu4",
"2.0.0~beta2-0ubuntu1",
"2.0.0~beta2-0ubuntu2",
"2.0.0~beta3-0ubuntu1",
"2.0.0~beta3-0ubuntu2",
"2.0.0~beta3-0ubuntu3",
"2.0.0~beta3-0ubuntu4",
"2.0.0~beta4-0ubuntu1",
"2.0.0~beta4-0ubuntu2",
"2.0.0~beta4-0ubuntu3",
"2.0.0~beta4-0ubuntu4",
"2.0.0~beta4-0ubuntu5",
"2.0.0~beta4-0ubuntu6",
"2.0.0~beta4-0ubuntu7",
"2.0.0~rc1-0ubuntu1",
"2.0.0~rc1-0ubuntu2",
"2.0.0~rc1-0ubuntu3",
"2.0.0~rc2-0ubuntu2",
"2.0.0~rc2-0ubuntu3",
"2.0.0~rc3-0ubuntu1",
"2.0.0~rc3-0ubuntu2",
"2.0.0~rc3-0ubuntu3",
"2.0.0~rc3-0ubuntu4",
"2.0.0~rc4-0ubuntu1",
"2.0.0~rc5-0ubuntu1",
"2.0.0~rc6-0ubuntu1",
"2.0.0~rc6-0ubuntu2",
"2.0.0~rc7-0ubuntu1",
"2.0.0~rc7-0ubuntu2",
"2.0.0~rc8-0ubuntu1",
"2.0.0~rc8-0ubuntu2",
"2.0.0~rc8-0ubuntu3",
"2.0.0~rc8-0ubuntu5",
"2.0.0~rc8-0ubuntu6",
"2.0.0~rc8-0ubuntu7",
"2.0.0~rc9-0ubuntu2",
"2.0.0~rc9-0ubuntu3",
"2.0.0~rc9-0ubuntu4",
"2.0.0~rc9-0ubuntu5",
"2.0.0-0ubuntu1",
"2.0.0-0ubuntu2",
"2.0.0-0ubuntu3",
"2.0.0-0ubuntu4",
"2.0.1-0ubuntu1~16.04.1",
"2.0.2-0ubuntu1~16.04.1",
"2.0.3-0ubuntu1~ubuntu16.04.2",
"2.0.4-0ubuntu1~ubuntu16.04.1",
"2.0.5-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.2",
"2.0.9-0ubuntu1~16.04.1",
"2.0.9-0ubuntu1~16.04.2",
"2.0.10-0ubuntu1~16.04.1",
"2.0.10-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.4",
"2.0.11-0ubuntu1~16.04.4+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3-0ubuntu1~18.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20231004.02-0ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20231004.02-0ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231004.02-0ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20201217.02-0ubuntu1~20.04.0",
"20210414.00-0ubuntu1~20.04.0",
"20210629.00-0ubuntu1~20.04.0",
"20220622.00-0ubuntu2~20.04.0",
"20220622.00-0ubuntu2~20.04.2",
"20230426.00-0ubuntu2~20.04.0",
"20231004.02-0ubuntu1~20.04.1",
"20231004.02-0ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm1"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.9.2~20.04.2ubuntu0.1+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.2~20.04.2ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8~22.04",
"0.9.2~20.04",
"0.9.2~20.04.1",
"0.9.2~20.04.2",
"0.9.2~20.04.2ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20231004.02-0ubuntu1~22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20231004.02-0ubuntu1~22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231004.02-0ubuntu1~22.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20210629.00-0ubuntu1",
"20210629.00-0ubuntu2",
"20220104.00-0ubuntu1",
"20220104.00-0ubuntu2",
"20220622.00-0ubuntu2~22.04.0",
"20220622.00-0ubuntu2~22.04.1",
"20230426.00-0ubuntu2~22.04.0",
"20231004.02-0ubuntu1~22.04.1",
"20231004.02-0ubuntu1~22.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20210119.5f4716e+dfsg-4",
"1:0.0+git20210805.aaa1db6+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
"id": "UBUNTU-CVE-2022-41723",
"modified": "2026-05-20T14:56:11Z",
"published": "2023-02-28T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-41723"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-3"
}
],
"related": [
"USN-7109-1",
"USN-7111-1",
"USN-8089-1",
"USN-8089-2",
"USN-8089-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-41723"
]
}
ubuntu-cve-2023-3978
Vulnerability from osv_ubuntu
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "juju",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
},
{
"binary_name": "juju-2.0",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "juju-core",
"purl": "pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-0ubuntu0.16.04.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.24.6-0ubuntu3",
"1.25.0-0ubuntu1",
"1.25.0-0ubuntu2",
"1.25.0-0ubuntu3",
"2.0~beta4-0ubuntu2",
"2.0~beta6-0ubuntu1.16.04.1",
"2.0~beta7-0ubuntu1.16.04.1",
"2.0~beta12-0ubuntu1.16.04.1",
"2.0~beta15-0ubuntu2.16.04.1",
"2.0.0-0ubuntu0.16.04.2",
"2.0.2-0ubuntu0.16.04.1",
"2.0.2-0ubuntu0.16.04.2",
"2.3.1-0ubuntu0.16.04.1",
"2.3.2-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.11-0ubuntu1~16.04.4+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.20-0ubuntu4",
"0.21-0ubuntu3",
"0.21-0ubuntu5",
"0.22-0ubuntu1",
"0.22-0ubuntu2",
"0.23-0ubuntu1",
"0.23-0ubuntu2",
"0.23-0ubuntu3",
"0.24-0ubuntu2",
"0.24-0ubuntu3",
"0.24-0ubuntu4",
"0.25-0ubuntu1",
"0.26-0ubuntu2",
"0.26-0ubuntu3",
"0.27-0ubuntu1",
"0.27-0ubuntu2",
"2.0.0~beta1-0ubuntu3",
"2.0.0~beta1-0ubuntu4",
"2.0.0~beta2-0ubuntu1",
"2.0.0~beta2-0ubuntu2",
"2.0.0~beta3-0ubuntu1",
"2.0.0~beta3-0ubuntu2",
"2.0.0~beta3-0ubuntu3",
"2.0.0~beta3-0ubuntu4",
"2.0.0~beta4-0ubuntu1",
"2.0.0~beta4-0ubuntu2",
"2.0.0~beta4-0ubuntu3",
"2.0.0~beta4-0ubuntu4",
"2.0.0~beta4-0ubuntu5",
"2.0.0~beta4-0ubuntu6",
"2.0.0~beta4-0ubuntu7",
"2.0.0~rc1-0ubuntu1",
"2.0.0~rc1-0ubuntu2",
"2.0.0~rc1-0ubuntu3",
"2.0.0~rc2-0ubuntu2",
"2.0.0~rc2-0ubuntu3",
"2.0.0~rc3-0ubuntu1",
"2.0.0~rc3-0ubuntu2",
"2.0.0~rc3-0ubuntu3",
"2.0.0~rc3-0ubuntu4",
"2.0.0~rc4-0ubuntu1",
"2.0.0~rc5-0ubuntu1",
"2.0.0~rc6-0ubuntu1",
"2.0.0~rc6-0ubuntu2",
"2.0.0~rc7-0ubuntu1",
"2.0.0~rc7-0ubuntu2",
"2.0.0~rc8-0ubuntu1",
"2.0.0~rc8-0ubuntu2",
"2.0.0~rc8-0ubuntu3",
"2.0.0~rc8-0ubuntu5",
"2.0.0~rc8-0ubuntu6",
"2.0.0~rc8-0ubuntu7",
"2.0.0~rc9-0ubuntu2",
"2.0.0~rc9-0ubuntu3",
"2.0.0~rc9-0ubuntu4",
"2.0.0~rc9-0ubuntu5",
"2.0.0-0ubuntu1",
"2.0.0-0ubuntu2",
"2.0.0-0ubuntu3",
"2.0.0-0ubuntu4",
"2.0.1-0ubuntu1~16.04.1",
"2.0.2-0ubuntu1~16.04.1",
"2.0.3-0ubuntu1~ubuntu16.04.2",
"2.0.4-0ubuntu1~ubuntu16.04.1",
"2.0.5-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.2",
"2.0.9-0ubuntu1~16.04.1",
"2.0.9-0ubuntu1~16.04.2",
"2.0.10-0ubuntu1~16.04.1",
"2.0.10-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.4",
"2.0.11-0ubuntu1~16.04.4+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3-0ubuntu1~18.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm1"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.9.2~20.04.2ubuntu0.1+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.2~20.04.2ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8~22.04",
"0.9.2~20.04",
"0.9.2~20.04.1",
"0.9.2~20.04.2",
"0.9.2~20.04.2ubuntu0.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20210119.5f4716e+dfsg-4",
"1:0.0+git20210805.aaa1db6+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.",
"id": "UBUNTU-CVE-2023-3978",
"modified": "2026-04-08T12:28:43Z",
"published": "2023-08-02T20:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-3978"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/514896"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2023-1988"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-3"
}
],
"related": [
"USN-8089-1",
"USN-8089-2",
"USN-8089-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-3978"
]
}
ubuntu-cve-2025-22872
Vulnerability from osv_ubuntu
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "juju",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
},
{
"binary_name": "juju-2.0",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "juju-core",
"purl": "pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-0ubuntu0.16.04.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.24.6-0ubuntu3",
"1.25.0-0ubuntu1",
"1.25.0-0ubuntu2",
"1.25.0-0ubuntu3",
"2.0~beta4-0ubuntu2",
"2.0~beta6-0ubuntu1.16.04.1",
"2.0~beta7-0ubuntu1.16.04.1",
"2.0~beta12-0ubuntu1.16.04.1",
"2.0~beta15-0ubuntu2.16.04.1",
"2.0.0-0ubuntu0.16.04.2",
"2.0.2-0ubuntu0.16.04.1",
"2.0.2-0ubuntu0.16.04.2",
"2.3.1-0ubuntu0.16.04.1",
"2.3.2-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.11-0ubuntu1~16.04.4+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.20-0ubuntu4",
"0.21-0ubuntu3",
"0.21-0ubuntu5",
"0.22-0ubuntu1",
"0.22-0ubuntu2",
"0.23-0ubuntu1",
"0.23-0ubuntu2",
"0.23-0ubuntu3",
"0.24-0ubuntu2",
"0.24-0ubuntu3",
"0.24-0ubuntu4",
"0.25-0ubuntu1",
"0.26-0ubuntu2",
"0.26-0ubuntu3",
"0.27-0ubuntu1",
"0.27-0ubuntu2",
"2.0.0~beta1-0ubuntu3",
"2.0.0~beta1-0ubuntu4",
"2.0.0~beta2-0ubuntu1",
"2.0.0~beta2-0ubuntu2",
"2.0.0~beta3-0ubuntu1",
"2.0.0~beta3-0ubuntu2",
"2.0.0~beta3-0ubuntu3",
"2.0.0~beta3-0ubuntu4",
"2.0.0~beta4-0ubuntu1",
"2.0.0~beta4-0ubuntu2",
"2.0.0~beta4-0ubuntu3",
"2.0.0~beta4-0ubuntu4",
"2.0.0~beta4-0ubuntu5",
"2.0.0~beta4-0ubuntu6",
"2.0.0~beta4-0ubuntu7",
"2.0.0~rc1-0ubuntu1",
"2.0.0~rc1-0ubuntu2",
"2.0.0~rc1-0ubuntu3",
"2.0.0~rc2-0ubuntu2",
"2.0.0~rc2-0ubuntu3",
"2.0.0~rc3-0ubuntu1",
"2.0.0~rc3-0ubuntu2",
"2.0.0~rc3-0ubuntu3",
"2.0.0~rc3-0ubuntu4",
"2.0.0~rc4-0ubuntu1",
"2.0.0~rc5-0ubuntu1",
"2.0.0~rc6-0ubuntu1",
"2.0.0~rc6-0ubuntu2",
"2.0.0~rc7-0ubuntu1",
"2.0.0~rc7-0ubuntu2",
"2.0.0~rc8-0ubuntu1",
"2.0.0~rc8-0ubuntu2",
"2.0.0~rc8-0ubuntu3",
"2.0.0~rc8-0ubuntu5",
"2.0.0~rc8-0ubuntu6",
"2.0.0~rc8-0ubuntu7",
"2.0.0~rc9-0ubuntu2",
"2.0.0~rc9-0ubuntu3",
"2.0.0~rc9-0ubuntu4",
"2.0.0~rc9-0ubuntu5",
"2.0.0-0ubuntu1",
"2.0.0-0ubuntu2",
"2.0.0-0ubuntu3",
"2.0.0-0ubuntu4",
"2.0.1-0ubuntu1~16.04.1",
"2.0.2-0ubuntu1~16.04.1",
"2.0.3-0ubuntu1~ubuntu16.04.2",
"2.0.4-0ubuntu1~ubuntu16.04.1",
"2.0.5-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.2",
"2.0.9-0ubuntu1~16.04.1",
"2.0.9-0ubuntu1~16.04.2",
"2.0.10-0ubuntu1~16.04.1",
"2.0.10-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.4",
"2.0.11-0ubuntu1~16.04.4+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3-0ubuntu1~18.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20210119.5f4716e+dfsg-4",
"1:0.0+git20210805.aaa1db6+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.21.0+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.21.0+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.21.0+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.10.0-1",
"1:0.17.0+dfsg-1",
"1:0.20.0+dfsg-1",
"1:0.21.0+dfsg-1",
"1:0.21.0+dfsg-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"id": "UBUNTU-CVE-2025-22872",
"modified": "2026-04-08T12:35:32Z",
"published": "2025-04-16T18:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-22872"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/662715"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2025-3595"
},
{
"type": "REPORT",
"url": "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-3"
}
],
"related": [
"USN-8089-1",
"USN-8089-2",
"USN-8089-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-22872"
]
}
ubuntu-cve-2025-47911
Vulnerability from osv_ubuntu
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "juju",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
},
{
"binary_name": "juju-2.0",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "juju-core",
"purl": "pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-0ubuntu0.16.04.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.24.6-0ubuntu3",
"1.25.0-0ubuntu1",
"1.25.0-0ubuntu2",
"1.25.0-0ubuntu3",
"2.0~beta4-0ubuntu2",
"2.0~beta6-0ubuntu1.16.04.1",
"2.0~beta7-0ubuntu1.16.04.1",
"2.0~beta12-0ubuntu1.16.04.1",
"2.0~beta15-0ubuntu2.16.04.1",
"2.0.0-0ubuntu0.16.04.2",
"2.0.2-0ubuntu0.16.04.1",
"2.0.2-0ubuntu0.16.04.2",
"2.3.1-0ubuntu0.16.04.1",
"2.3.2-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.11-0ubuntu1~16.04.4+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.20-0ubuntu4",
"0.21-0ubuntu3",
"0.21-0ubuntu5",
"0.22-0ubuntu1",
"0.22-0ubuntu2",
"0.23-0ubuntu1",
"0.23-0ubuntu2",
"0.23-0ubuntu3",
"0.24-0ubuntu2",
"0.24-0ubuntu3",
"0.24-0ubuntu4",
"0.25-0ubuntu1",
"0.26-0ubuntu2",
"0.26-0ubuntu3",
"0.27-0ubuntu1",
"0.27-0ubuntu2",
"2.0.0~beta1-0ubuntu3",
"2.0.0~beta1-0ubuntu4",
"2.0.0~beta2-0ubuntu1",
"2.0.0~beta2-0ubuntu2",
"2.0.0~beta3-0ubuntu1",
"2.0.0~beta3-0ubuntu2",
"2.0.0~beta3-0ubuntu3",
"2.0.0~beta3-0ubuntu4",
"2.0.0~beta4-0ubuntu1",
"2.0.0~beta4-0ubuntu2",
"2.0.0~beta4-0ubuntu3",
"2.0.0~beta4-0ubuntu4",
"2.0.0~beta4-0ubuntu5",
"2.0.0~beta4-0ubuntu6",
"2.0.0~beta4-0ubuntu7",
"2.0.0~rc1-0ubuntu1",
"2.0.0~rc1-0ubuntu2",
"2.0.0~rc1-0ubuntu3",
"2.0.0~rc2-0ubuntu2",
"2.0.0~rc2-0ubuntu3",
"2.0.0~rc3-0ubuntu1",
"2.0.0~rc3-0ubuntu2",
"2.0.0~rc3-0ubuntu3",
"2.0.0~rc3-0ubuntu4",
"2.0.0~rc4-0ubuntu1",
"2.0.0~rc5-0ubuntu1",
"2.0.0~rc6-0ubuntu1",
"2.0.0~rc6-0ubuntu2",
"2.0.0~rc7-0ubuntu1",
"2.0.0~rc7-0ubuntu2",
"2.0.0~rc8-0ubuntu1",
"2.0.0~rc8-0ubuntu2",
"2.0.0~rc8-0ubuntu3",
"2.0.0~rc8-0ubuntu5",
"2.0.0~rc8-0ubuntu6",
"2.0.0~rc8-0ubuntu7",
"2.0.0~rc9-0ubuntu2",
"2.0.0~rc9-0ubuntu3",
"2.0.0~rc9-0ubuntu4",
"2.0.0~rc9-0ubuntu5",
"2.0.0-0ubuntu1",
"2.0.0-0ubuntu2",
"2.0.0-0ubuntu3",
"2.0.0-0ubuntu4",
"2.0.1-0ubuntu1~16.04.1",
"2.0.2-0ubuntu1~16.04.1",
"2.0.3-0ubuntu1~ubuntu16.04.2",
"2.0.4-0ubuntu1~ubuntu16.04.1",
"2.0.5-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.2",
"2.0.9-0ubuntu1~16.04.1",
"2.0.9-0ubuntu1~16.04.2",
"2.0.10-0ubuntu1~16.04.1",
"2.0.10-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.4",
"2.0.11-0ubuntu1~16.04.4+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3-0ubuntu1~18.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20210119.5f4716e+dfsg-4",
"1:0.0+git20210805.aaa1db6+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.21.0+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.21.0+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.21.0+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.10.0-1",
"1:0.17.0+dfsg-1",
"1:0.20.0+dfsg-1",
"1:0.21.0+dfsg-1",
"1:0.21.0+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.27.0-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.27.0-1",
"1:0.27.0-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.27.0-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.27.0-2"
]
}
],
"aliases": [],
"details": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"id": "UBUNTU-CVE-2025-47911",
"modified": "2026-05-20T15:22:53Z",
"published": "2026-02-05T18:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-47911"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/issues/75682"
},
{
"type": "REPORT",
"url": "https://github.com/golang/vulndb/issues/4440"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/709876"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2026-4440"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-3"
}
],
"related": [
"USN-8089-1",
"USN-8089-2",
"USN-8089-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-47911"
]
}
ubuntu-cve-2025-58190
Vulnerability from osv_ubuntu
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "juju",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
},
{
"binary_name": "juju-2.0",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "juju-core",
"purl": "pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-0ubuntu0.16.04.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.24.6-0ubuntu3",
"1.25.0-0ubuntu1",
"1.25.0-0ubuntu2",
"1.25.0-0ubuntu3",
"2.0~beta4-0ubuntu2",
"2.0~beta6-0ubuntu1.16.04.1",
"2.0~beta7-0ubuntu1.16.04.1",
"2.0~beta12-0ubuntu1.16.04.1",
"2.0~beta15-0ubuntu2.16.04.1",
"2.0.0-0ubuntu0.16.04.2",
"2.0.2-0ubuntu0.16.04.1",
"2.0.2-0ubuntu0.16.04.2",
"2.3.1-0ubuntu0.16.04.1",
"2.3.2-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.11-0ubuntu1~16.04.4+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.20-0ubuntu4",
"0.21-0ubuntu3",
"0.21-0ubuntu5",
"0.22-0ubuntu1",
"0.22-0ubuntu2",
"0.23-0ubuntu1",
"0.23-0ubuntu2",
"0.23-0ubuntu3",
"0.24-0ubuntu2",
"0.24-0ubuntu3",
"0.24-0ubuntu4",
"0.25-0ubuntu1",
"0.26-0ubuntu2",
"0.26-0ubuntu3",
"0.27-0ubuntu1",
"0.27-0ubuntu2",
"2.0.0~beta1-0ubuntu3",
"2.0.0~beta1-0ubuntu4",
"2.0.0~beta2-0ubuntu1",
"2.0.0~beta2-0ubuntu2",
"2.0.0~beta3-0ubuntu1",
"2.0.0~beta3-0ubuntu2",
"2.0.0~beta3-0ubuntu3",
"2.0.0~beta3-0ubuntu4",
"2.0.0~beta4-0ubuntu1",
"2.0.0~beta4-0ubuntu2",
"2.0.0~beta4-0ubuntu3",
"2.0.0~beta4-0ubuntu4",
"2.0.0~beta4-0ubuntu5",
"2.0.0~beta4-0ubuntu6",
"2.0.0~beta4-0ubuntu7",
"2.0.0~rc1-0ubuntu1",
"2.0.0~rc1-0ubuntu2",
"2.0.0~rc1-0ubuntu3",
"2.0.0~rc2-0ubuntu2",
"2.0.0~rc2-0ubuntu3",
"2.0.0~rc3-0ubuntu1",
"2.0.0~rc3-0ubuntu2",
"2.0.0~rc3-0ubuntu3",
"2.0.0~rc3-0ubuntu4",
"2.0.0~rc4-0ubuntu1",
"2.0.0~rc5-0ubuntu1",
"2.0.0~rc6-0ubuntu1",
"2.0.0~rc6-0ubuntu2",
"2.0.0~rc7-0ubuntu1",
"2.0.0~rc7-0ubuntu2",
"2.0.0~rc8-0ubuntu1",
"2.0.0~rc8-0ubuntu2",
"2.0.0~rc8-0ubuntu3",
"2.0.0~rc8-0ubuntu5",
"2.0.0~rc8-0ubuntu6",
"2.0.0~rc8-0ubuntu7",
"2.0.0~rc9-0ubuntu2",
"2.0.0~rc9-0ubuntu3",
"2.0.0~rc9-0ubuntu4",
"2.0.0~rc9-0ubuntu5",
"2.0.0-0ubuntu1",
"2.0.0-0ubuntu2",
"2.0.0-0ubuntu3",
"2.0.0-0ubuntu4",
"2.0.1-0ubuntu1~16.04.1",
"2.0.2-0ubuntu1~16.04.1",
"2.0.3-0ubuntu1~ubuntu16.04.2",
"2.0.4-0ubuntu1~ubuntu16.04.1",
"2.0.5-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.2",
"2.0.9-0ubuntu1~16.04.1",
"2.0.9-0ubuntu1~16.04.2",
"2.0.10-0ubuntu1~16.04.1",
"2.0.10-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.4",
"2.0.11-0ubuntu1~16.04.4+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3-0ubuntu1~18.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20210119.5f4716e+dfsg-4",
"1:0.0+git20210805.aaa1db6+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.21.0+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.21.0+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.21.0+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.10.0-1",
"1:0.17.0+dfsg-1",
"1:0.20.0+dfsg-1",
"1:0.21.0+dfsg-1",
"1:0.21.0+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.27.0-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.27.0-1",
"1:0.27.0-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.27.0-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.27.0-2"
]
}
],
"aliases": [],
"details": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"id": "UBUNTU-CVE-2025-58190",
"modified": "2026-05-20T15:22:56Z",
"published": "2026-02-05T18:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-58190"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/issues/70179"
},
{
"type": "REPORT",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/709875"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-3"
}
],
"related": [
"USN-8089-1",
"USN-8089-2",
"USN-8089-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-58190"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.