| packages: |
| - module: golang.org/x/net |
| package: golang.org/x/net/html |
| symbols: |
| - inHeadIM |
| versions: |
| - fixed: 0.0.0-20210520170846-37e1c6afe023 |
| description: | |
| An attacker can craft an input to ParseFragment that causes it |
| to enter an infinite loop and never return. |
| published: 2022-02-17T17:33:43Z |
| cves: |
| - CVE-2021-33194 |
| credit: discovered by OSS-Fuzz and reported by Andrew Thornton |
| links: |
| pr: https://go.dev/cl/311090 |
| commit: https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7 |
| context: |
| - https://go.dev/issue/46288 |
| - https://groups.google.com/g/golang-announce/c/wPunbCPkWUg |