CVE-2018-17142

NULL Pointer Dereference in go/golang.org/x/net

Identifiers

GHSA-2wp2-chmh-r934, CVE-2018-17142

Package Slug

go/golang.org/x/net

Vulnerability

NULL Pointer Dereference

Description

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.

Affected Versions

All versions before 0.0.0-20180925071336-cf3bd585ca2a

Solution

Upgrade to version 0.0.0-20180925071336-cf3bd585ca2a or above.

Last Modified

2023-03-06

source