Search for packages
| purl | pkg:deb/debian/golang-golang-x-net-dev@1:0.0%2Bgit20181201.351d144%2Bdfsg-3 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3gua-vux5-aaaq
Aliases: CVE-2019-9512 GHSA-hgr8-6h9x-f7q9 |
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
Affected by 0 other vulnerabilities. |
|
VCID-6ypc-78mx-aaac
Aliases: CVE-2019-9514 GHSA-39qc-96h7-956f |
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3638-xnhc-aaae | The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. |
CVE-2018-17846
GHSA-vfw5-hrgq-h5wf |
| VCID-bg6y-ezra-aaaf | The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call. |
CVE-2018-17847
GHSA-4r78-hx75-jjj2 |
| VCID-mscq-bf1w-aaap | The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. |
CVE-2018-17848
GHSA-mv93-wvcp-7m7r |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T01:55:08.453673+00:00 | Debian Importer | Affected by | VCID-6ypc-78mx-aaac | None | 36.1.3 |
| 2025-06-21T16:37:44.243441+00:00 | Debian Oval Importer | Fixing | VCID-3638-xnhc-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:09:02.818618+00:00 | Debian Oval Importer | Fixing | VCID-mscq-bf1w-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:32:25.101166+00:00 | Debian Oval Importer | Fixing | VCID-bg6y-ezra-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T04:46:29.606744+00:00 | Debian Importer | Affected by | VCID-3gua-vux5-aaaq | None | 36.1.3 |
| 2025-06-21T00:50:27.400035+00:00 | Debian Oval Importer | Fixing | VCID-3638-xnhc-aaae | None | 36.1.3 |
| 2025-06-20T22:44:10.875323+00:00 | Debian Oval Importer | Fixing | VCID-mscq-bf1w-aaap | None | 36.1.3 |
| 2025-06-20T21:12:12.491056+00:00 | Debian Oval Importer | Fixing | VCID-bg6y-ezra-aaaf | None | 36.1.3 |
| 2025-06-08T09:23:19.371297+00:00 | Debian Oval Importer | Fixing | VCID-3638-xnhc-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:02:37.295238+00:00 | Debian Oval Importer | Fixing | VCID-mscq-bf1w-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:26:27.897692+00:00 | Debian Oval Importer | Fixing | VCID-bg6y-ezra-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T18:12:49.345807+00:00 | Debian Oval Importer | Fixing | VCID-3638-xnhc-aaae | None | 36.1.0 |
| 2025-06-07T16:08:06.713133+00:00 | Debian Oval Importer | Fixing | VCID-mscq-bf1w-aaap | None | 36.1.0 |
| 2025-06-07T14:36:49.168761+00:00 | Debian Oval Importer | Fixing | VCID-bg6y-ezra-aaaf | None | 36.1.0 |
| 2025-04-08T07:55:35.428003+00:00 | Debian Oval Importer | Fixing | VCID-3638-xnhc-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:34:51.364649+00:00 | Debian Oval Importer | Fixing | VCID-mscq-bf1w-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:58:45.947926+00:00 | Debian Oval Importer | Fixing | VCID-bg6y-ezra-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T16:50:12.188871+00:00 | Debian Oval Importer | Fixing | VCID-3638-xnhc-aaae | None | 36.0.0 |
| 2025-04-07T14:39:22.284513+00:00 | Debian Oval Importer | Fixing | VCID-mscq-bf1w-aaap | None | 36.0.0 |
| 2025-04-07T13:08:57.194870+00:00 | Debian Oval Importer | Fixing | VCID-bg6y-ezra-aaaf | None | 36.0.0 |
| 2025-04-05T20:36:59.675073+00:00 | Debian Importer | Affected by | VCID-6ypc-78mx-aaac | None | 36.0.0 |
| 2025-04-04T07:35:51.133084+00:00 | Debian Importer | Affected by | VCID-3gua-vux5-aaaq | None | 36.0.0 |
| 2025-02-19T11:06:07.782481+00:00 | Debian Importer | Affected by | VCID-6ypc-78mx-aaac | None | 35.1.0 |
| 2025-02-19T11:05:57.091582+00:00 | Debian Importer | Affected by | VCID-3gua-vux5-aaaq | None | 35.1.0 |
| 2024-04-24T16:44:54.335529+00:00 | Debian Importer | Affected by | VCID-6ypc-78mx-aaac | None | 34.0.0rc4 |
| 2024-04-24T16:44:47.363749+00:00 | Debian Importer | Affected by | VCID-3gua-vux5-aaaq | None | 34.0.0rc4 |
| 2024-01-10T18:45:39.336341+00:00 | Debian Importer | Affected by | VCID-6ypc-78mx-aaac | None | 34.0.0rc2 |
| 2024-01-10T18:45:33.459122+00:00 | Debian Importer | Affected by | VCID-3gua-vux5-aaaq | None | 34.0.0rc2 |
| 2024-01-04T08:15:00.223360+00:00 | Debian Importer | Affected by | VCID-6ypc-78mx-aaac | None | 34.0.0rc1 |
| 2024-01-04T08:14:54.087099+00:00 | Debian Importer | Affected by | VCID-3gua-vux5-aaaq | None | 34.0.0rc1 |