Vulnerability Report: GO-2021-0238
- CVE-2021-33194, GHSA-83g2-8m93-v3w7
- Affects: golang.org/x/net
- Published: Feb 17, 2022
- Modified: Jun 12, 2023
An attacker can craft an input to ParseFragment that causes it to enter an infinite loop and never return.
Affected Packages
-
PathVersionsSymbols
-
before v0.0.0-20210520170846-37e1c6afe023
Aliases
References
- https://go.dev/cl/311090
- https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7
- https://go.dev/issue/46288
- https://groups.google.com/g/golang-announce/c/wPunbCPkWUg
- https://vuln.go.dev/ID/GO-2021-0238.json
Credits
- OSS-Fuzz (discovery)Andrew Thornton (reporter)
Feedback
See anything missing or incorrect?
Suggest an edit to this report.