VulnerableCode Package Details - pkg:deb/debian/golang-golang-x-net-dev@1:0.0%2Bgit20160518.b3e9c8f%2Bdfsg-1~bpo8%2B1

Search for packages

Vulnerability	Summary	Fixed by
VCID-3638-xnhc-aaae Aliases: CVE-2018-17846 GHSA-vfw5-hrgq-h5wf	The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.	1:0.0+git20181201.351d144+dfsg-3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bg6y-ezra-aaaf Aliases: CVE-2018-17847 GHSA-4r78-hx75-jjj2	The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (nodeStack).pop in node.go, called from (parser).clearActiveFormattingElements, during an html.Parse call.	1:0.0+git20181201.351d144+dfsg-3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mscq-bf1w-aaap Aliases: CVE-2018-17848 GHSA-mv93-wvcp-7m7r	The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.	1:0.0+git20181201.351d144+dfsg-3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3638-xnhc-aaae
Aliases:
CVE-2018-17846
GHSA-vfw5-hrgq-h5wf

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.

1:0.0+git20181201.351d144+dfsg-3
Affected by 2 other vulnerabilities.

VCID-bg6y-ezra-aaaf
Aliases:
CVE-2018-17847
GHSA-4r78-hx75-jjj2

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.

1:0.0+git20181201.351d144+dfsg-3
Affected by 2 other vulnerabilities.

VCID-mscq-bf1w-aaap
Aliases:
CVE-2018-17848
GHSA-mv93-wvcp-7m7r

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.

1:0.0+git20181201.351d144+dfsg-3
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T16:37:44.232133+00:00	Debian Oval Importer	Affected by	VCID-3638-xnhc-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T15:09:02.807587+00:00	Debian Oval Importer	Affected by	VCID-mscq-bf1w-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:32:25.087908+00:00	Debian Oval Importer	Affected by	VCID-bg6y-ezra-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T00:50:27.386156+00:00	Debian Oval Importer	Affected by	VCID-3638-xnhc-aaae	None	36.1.3
2025-06-20T22:44:10.864304+00:00	Debian Oval Importer	Affected by	VCID-mscq-bf1w-aaap	None	36.1.3
2025-06-20T21:12:12.480703+00:00	Debian Oval Importer	Affected by	VCID-bg6y-ezra-aaaf	None	36.1.3
2025-06-08T09:23:19.360422+00:00	Debian Oval Importer	Affected by	VCID-3638-xnhc-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:02:37.284455+00:00	Debian Oval Importer	Affected by	VCID-mscq-bf1w-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:26:27.876797+00:00	Debian Oval Importer	Affected by	VCID-bg6y-ezra-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T18:12:49.335075+00:00	Debian Oval Importer	Affected by	VCID-3638-xnhc-aaae	None	36.1.0
2025-06-07T16:08:06.703152+00:00	Debian Oval Importer	Affected by	VCID-mscq-bf1w-aaap	None	36.1.0
2025-06-07T14:36:49.158764+00:00	Debian Oval Importer	Affected by	VCID-bg6y-ezra-aaaf	None	36.1.0
2025-04-08T07:55:35.398127+00:00	Debian Oval Importer	Affected by	VCID-3638-xnhc-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T06:34:51.334632+00:00	Debian Oval Importer	Affected by	VCID-mscq-bf1w-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:58:45.917888+00:00	Debian Oval Importer	Affected by	VCID-bg6y-ezra-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T16:50:12.156880+00:00	Debian Oval Importer	Affected by	VCID-3638-xnhc-aaae	None	36.0.0
2025-04-07T14:39:22.251988+00:00	Debian Oval Importer	Affected by	VCID-mscq-bf1w-aaap	None	36.0.0
2025-04-07T13:08:57.152663+00:00	Debian Oval Importer	Affected by	VCID-bg6y-ezra-aaaf	None	36.0.0