CVE-2021-33194

Summary

CVE	CVE-2021-33194
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-26 15:15:00 UTC
Updated	2023-11-07 03:35:00 UTC
Description	golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

Risk And Classification

Problem Types: CWE-835

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	36	All	All	All
Application	Golang	Go	All	All	All	All
Application	Golang	Go	All	All	All	All

References

Reference	Source	Link	Tags
[security] Vulnerability in golang.org/x/net/html	CONFIRM	groups.google.com
html: ignore templates nested within foreign content · golang/net@37e1c6a · GitHub	MISC	github.com
[SECURITY] Fedora 36 Update: golang-1.18~rc1-2.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 36 Update: golang-1.18~rc1-2.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

179970 Debian Security Update for golang-golang-x-net (CVE-2021-33194)
378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
900141 CBL-Mariner Linux Security Update for golang 1.15.11
903123 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (4317)
907775 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (4317-1)