Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

[security] Vulnerability in golang.org/x/net

1,851 views
Skip to first unread message

anno...@golang.org

unread,
Dec 18, 2024, 2:37:40 PM12/18/24
to golan...@googlegroups.com

Hello gophers,

We have tagged version v0.33.0 of golang.org/x/net in order to address a security issue.

x/net/html: non-linear parsing of case-insensitive content

Version v0.33.0 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service.

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.

Thanks to Guido Vranken for reporting this issue.

This is CVE-2024-45338 and Go issue https://go.dev/issue/70906.

Cheers,
Go Security team

Reply all
Reply to author
Forward
0 new messages