Bug 1639124 – CVE-2018-17848 golang-org-x-net-html: index out of range in (*insertionModeStack).pop in node.go causes runtime panic during html.Parse() call

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1639124 - (CVE-2018-17848) CVE-2018-17848 golang-org-x-net-html: index out of range in (*insertionModeStack).pop in node.go causes runtime panic during html.Parse() call

Summary:	CVE-2018-17848 golang-org-x-net-html: index out of range in (*insertionModeSt...

Status:	NEW

Aliases:	CVE-2018-17848

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20181001,repor...
Keywords:	Security

Depends On:	1639126 1639127 1639128 1639129 1639130 1639131
Blocks:	1633033
	Show dependency tree / graph

Reported:	2018-10-15 02:14 EDT by Sam Fowler
Modified:	2018-10-30 00:37 EDT (History)
CC List:	46 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Sam Fowler 2018-10-15 02:14:49 EDT

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.


Upstream Issue:

https://github.com/golang/go/issues/27846

Comment 1 Sam Fowler 2018-10-15 02:16:04 EDT

Created golang-googlecode-net tracking bugs for this issue:

Affects: epel-6 [bug 1639131]
Affects: fedora-all [bug 1639130]


Created heketi tracking bugs for this issue:

Affects: epel-6 [bug 1639129]
Affects: fedora-all [bug 1639128]


Created kompose tracking bugs for this issue:

Affects: fedora-all [bug 1639127]


Created origin tracking bugs for this issue:

Affects: fedora-all [bug 1639126]

Comment 2 Scott Gayou 2018-10-16 17:58:04 EDT

No upstream fix found yet, but this is not reproducible on RHEL7. My guess is this is similar to the other template related flaws.

See https://bugzilla.redhat.com/show_bug.cgi?id=1633022 as an example.

Not affected / not reproducible on our released version.

Comment 3 Summer Long 2018-10-30 00:37:27 EDT

OpenStack OpTools 8 and 9 grafana versions do not include net/html, which has the flawed code, setting these to NotAffected.

Note You need to log in before you can comment on or make changes to this bug.

admiller
ahardin
apevec
bleanhar
ccoleman
chrisw
dedgar
dustymabe
eparis
extras-orphan
fpokorny
hchiramm
jcajka
jchaloup
jgoulding
jjoyce
jmulligan
jokerman
jrivera
jschluet
kbasil
kramdoss
kumarpraveen.nitdgp
lhh
lpabon
lpeer
madam
markmc
mburns
mchappel
mmagr
ramkrsna
rbryant
rhs-bugs
sankarshan
sclewis
sisharma
slinaber
smohan
ssaha
storage-qa-internal
tdawson
tdecacqu
thrcka
vbatts
vbellur