CVE-2025-47911

EUVD-2025-206856
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
gohtml
𝑥
< 0.45.0
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
helm
suse enterprise sap 15 SP6
3.19.1-150000.1.57.1
fixed
suse enterprise sap 15 SP7
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP3
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP4
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP5
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP6
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP7
3.19.1-150000.1.57.1
fixed
helm-bash-completion
suse enterprise sap 15 SP6
3.19.1-150000.1.57.1
fixed
suse enterprise sap 15 SP7
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP3
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP4
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP5
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP6
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP7
3.19.1-150000.1.57.1
fixed
helm-zsh-completion
suse enterprise sap 15 SP6
3.19.1-150000.1.57.1
fixed
suse enterprise sap 15 SP7
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP3
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP4
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP5
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP6
3.19.1-150000.1.57.1
fixed
suse enterprise server 15 SP7
3.19.1-150000.1.57.1
fixed
Vulnerability Media Exposure
References
https://github.com/golang/vulndb/issues/4440
https://go.dev/cl/709876
https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c
https://pkg.go.dev/vuln/GO-2026-4440