reports/GO-2021-0238.yaml - vulndb - Git at Google

 packages:
   - module: golang.org/x/net
     package: golang.org/x/net/html
     symbols:
       - inHeadIM
     versions:
       - fixed: v0.0.0-20210520170846-37e1c6afe023
 description: |
     An attacker can craft an input to ParseFragment that causes it
     to enter an infinite loop and never return.
 published: 2022-02-17T17:33:43Z
 cves:
   - CVE-2021-33194
 credit: discovered by OSS-Fuzz and reported by Andrew Thornton
 links:
     pr: https://go.dev/cl/311090
     commit: https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7
     context:
       - https://go.dev/issue/46288
       - https://groups.google.com/g/golang-announce/c/wPunbCPkWUg
	packages:
	- module: golang.org/x/net
	package: golang.org/x/net/html
	symbols:
	- inHeadIM
	versions:
	- fixed: v0.0.0-20210520170846-37e1c6afe023
	description: \|
	An attacker can craft an input to ParseFragment that causes it
	to enter an infinite loop and never return.
	published: 2022-02-17T17:33:43Z
	cves:
	- CVE-2021-33194
	credit: discovered by OSS-Fuzz and reported by Andrew Thornton
	links:
	pr: https://go.dev/cl/311090
	commit: https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7
	context:
	- https://go.dev/issue/46288
	- https://groups.google.com/g/golang-announce/c/wPunbCPkWUg