CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24788 – Malformed DNS message can cause infinite loop in net
https://notcve.org/view.php?id=CVE-2024-24788
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. Un mensaje DNS con formato incorrecto en respuesta a una consulta puede hacer que las funciones de búsqueda se atasquen en un bucle infinito. A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions. • http://www.openwall.com/lists/oss-security/2024/05/08/3 https://go.dev/cl/578375 https://go.dev/issue/66754 https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 https://pkg.go.dev/vuln/GO-2024-2824 https://security.netapp.com/advisory/ntap-20240605-0002 https://security.netapp.com/advisory/ntap-20240614-0001 https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17847
https://notcve.org/view.php?id=CVE-2018-17847
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call. El paquete html (también conocido como x/net/html) hasta el 25/09/2018 en Go gestiona de manera incorrecta , lo que conduce a un "panic: runtime error" (índice fuera de rango) en (*nodeStack).pop en node.go, llamado desde (*parser).clearActiveFormattingElements, durante una llamada html.Parse. • https://github.com/golang/go/issues/27846 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17846
https://notcve.org/view.php?id=CVE-2018-17846
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. El paquete html (también conocido como x/net/html) hasta el 2018-09-25 en Go gestiona de manera incorrecta , lo que conduce a un bucle infinito durante una llamada html.Parse. Esto se debe a que inSelectIM e inSelectInTableIM no cumplen con una especificación. • https://github.com/golang/go/issues/27842 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17848
https://notcve.org/view.php?id=CVE-2018-17848
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. El paquete html (también conocido como x/net/html) hasta el 25/09/2018 en Go gestiona de manera incorrecta <b></b><b>, lo que conduce a un "panic: runtime error" (índice fuera de rango) en (*insertionModeStack).pop en node.go, llamado desde inHeadIM, durante una llamada html.Parse.</b> • https://github.com/golang/go/issues/27846 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK • CWE-129: Improper Validation of Array Index •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17142
https://notcve.org/view.php?id=CVE-2018-17142
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. El paquete html (también conocido como x/net/html) hasta el 2018-09-17 en Go gestiona de manera incorrecta , lo que conduce a un "panic: runtime error" en parseCurrentToken en parse.go durante una llamada html.Parse. • https://github.com/golang/go/issues/27702 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK • CWE-476: NULL Pointer Dereference •