The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Net | Golang | * | 2018-09-25 (including) |
| Golang-go.net-dev | Ubuntu | trusty | * |
| Golang-golang-x-net-dev | Ubuntu | bionic | * |
| Golang-golang-x-net-dev | Ubuntu | cosmic | * |
| Golang-golang-x-net-dev | Ubuntu | disco | * |
| Golang-golang-x-net-dev | Ubuntu | eoan | * |
| Golang-golang-x-net-dev | Ubuntu | esm-apps/bionic | * |
| Golang-golang-x-net-dev | Ubuntu | esm-apps/focal | * |
| Golang-golang-x-net-dev | Ubuntu | esm-infra/xenial | * |
| Golang-golang-x-net-dev | Ubuntu | focal | * |
| Golang-golang-x-net-dev | Ubuntu | xenial | * |
References
- https://github.com/golang/go/issues/27842
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/
- https://github.com/golang/go/issues/27842
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/