Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
Source: Go Project
Max CVSS: 7.5
EPSS Score: 0.10%
Published: 2023-04-06
Updated: 2023-11-25
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
Source: MITRE
Max CVSS: 7.8
EPSS Score: 0.37%
Published: 2022-02-11
Updated: 2022-11-09
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.42%
Published: 2021-11-08
Updated: 2023-04-20
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.44%
Published: 2021-10-18
Updated: 2023-04-20
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.42%
Published: 2018-10-01
Updated: 2020-08-24
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.55%
Published: 2018-09-17
Updated: 2020-08-24
6 vulnerabilities found