CVE-2018-17075

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
golangnet
𝑥
≤ 2018-07-12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-go.net-dev
bionic
dne
xenial
dne
trusty
dne
golang-golang-x-net-dev
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://bugs.chromium.org/p/chromium/issues/detail?id=829668
https://github.com/golang/go/issues/27016
https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb50
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/
https://bugs.chromium.org/p/chromium/issues/detail?id=829668
https://github.com/golang/go/issues/27016
https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb50
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/