blob: df27303910dbb2cfca7a7cfcadb61ed723e7c2c3 [file] [log] [blame]
packages:
- module: golang.org/x/net
package: golang.org/x/net/html
symbols:
- inHeadIM
versions:
- fixed: 0.0.0-20210520170846-37e1c6afe023
description: |
An attacker can craft an input to ParseFragment that causes it
to enter an infinite loop and never return.
published: 2022-02-17T17:33:43Z
cves:
- CVE-2021-33194
credit: discovered by OSS-Fuzz and reported by Andrew Thornton
links:
pr: https://go.dev/cl/311090
commit: https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7
context:
- https://go.dev/issue/46288
- https://groups.google.com/g/golang-announce/c/wPunbCPkWUg