An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
History

Sat, 21 Dec 2024 02:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Important


Wed, 18 Dec 2024 20:45:00 +0000

Type Values Removed Values Added
Description An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Title Non-linear parsing of case-insensitive content in golang.org/x/net/html
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2024-12-18T20:38:22.660Z

Updated: 2024-12-18T20:38:22.660Z

Reserved: 2024-08-27T19:41:58.555Z

Link: CVE-2024-45338

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2024-12-18T21:15:08.173

Modified: 2024-12-18T21:15:08.173

Link: CVE-2024-45338

cve-icon Redhat

Severity : Important

Publid Date: 2024-12-18T20:38:22Z

Links: CVE-2024-45338 - Bugzilla