1639109 – (CVE-2018-17846) CVE-2018-17846 golang-org-x-net-html: infinite loop during html.Parse() via inSelectIM and inSelectInTableIM

Bug 1639109 (CVE-2018-17846) - CVE-2018-17846 golang-org-x-net-html: infinite loop during html.Parse() via inSelectIM and inSelectInTableIM

Summary: CVE-2018-17846 golang-org-x-net-html: infinite loop during html.Parse() via i...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-17846
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1639110 1639111 1639112 1639113 1639114 1639115 1651087 1668986
Blocks:	1633033
TreeView+	depends on / blocked

Reported:	2018-10-15 06:07 UTC by Sam Fowler
Modified:	2021-10-25 22:19 UTC (History)
CC List:	47 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-25 22:19:33 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sam Fowler 2018-10-15 06:07:12 UTC

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.


Upstream Issue:

https://github.com/golang/go/issues/27842

Comment 1 Sam Fowler 2018-10-15 06:08:17 UTC

Created golang-googlecode-net tracking bugs for this issue:

Affects: epel-6 [bug 1639115]
Affects: fedora-all [bug 1639114]


Created heketi tracking bugs for this issue:

Affects: epel-6 [bug 1639113]
Affects: fedora-all [bug 1639112]


Created kompose tracking bugs for this issue:

Affects: fedora-all [bug 1639111]


Created origin tracking bugs for this issue:

Affects: fedora-all [bug 1639110]

Comment 2 Scott Gayou 2018-10-16 21:48:49 UTC

Potential Upstream Fix:

https://go-review.googlesource.com/c/net/+/137275

While the patch does look applicable, I am unable to reproduce this on RHEL.

time ./poc

real	0m0.007s
user	0m0.002s
sys	0m0.005s

Comment 3 Summer Long 2018-10-30 04:38:00 UTC

OpenStack OpTools 8 and 9 grafana versions do not include net/html, which has the flawed code, setting these to NotAffected.

Comment 8 Joshua Padman 2019-08-21 02:27:18 UTC

Kompose was in DevTools as part of devsuite. Devsuite is now retired (https://developers.redhat.com/products/devsuite/overview/)

Note You need to log in before you can comment on or make changes to this bug.

admiller
ahardin
apevec
bleanhar
bmontgom
bodavis
ccoleman
chrisw
dedgar
dustymabe
eparis
extras-orphan
fpokorny
hchiramm
jarrpa
jburrell
jcajka
jchaloup
jgoulding
jjoyce
jmulligan
jokerman
jpadman
jschluet
kramdoss
kumarpraveen.nitdgp
lhh
lpabon
lpeer
madam
markmc
mburns
mchappel
mmagr
mnewsome
nstielau
ramkrsna
rbryant
rhs-bugs
sclewis
sfowler
sisharma
slinaber
sponnaga
tdawson
tdecacqu
thrcka