1639124 – (CVE-2018-17848) CVE-2018-17848 golang-org-x-net-html: index out of range in (*insertionModeStack).pop in node.go causes runtime panic during html.Parse() call

Bug 1639124 (CVE-2018-17848) - CVE-2018-17848 golang-org-x-net-html: index out of range in (*insertionModeStack).pop in node.go causes runtime panic during html.Parse() call

Summary: CVE-2018-17848 golang-org-x-net-html: index out of range in (*insertionModeSt...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-17848
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1639126 1639127 1639128 1639129 1639130 1639131 1651081 1668985
Blocks:	1633033
TreeView+	depends on / blocked

Reported:	2018-10-15 06:14 UTC by Sam Fowler
Modified:	2021-10-25 22:19 UTC (History)
CC List:	46 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-25 22:19:50 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sam Fowler 2018-10-15 06:14:49 UTC

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.


Upstream Issue:

https://github.com/golang/go/issues/27846

Comment 1 Sam Fowler 2018-10-15 06:16:04 UTC

Created golang-googlecode-net tracking bugs for this issue:

Affects: epel-6 [bug 1639131]
Affects: fedora-all [bug 1639130]


Created heketi tracking bugs for this issue:

Affects: epel-6 [bug 1639129]
Affects: fedora-all [bug 1639128]


Created kompose tracking bugs for this issue:

Affects: fedora-all [bug 1639127]


Created origin tracking bugs for this issue:

Affects: fedora-all [bug 1639126]

Comment 2 Scott Gayou 2018-10-16 21:58:04 UTC

No upstream fix found yet, but this is not reproducible on RHEL7. My guess is this is similar to the other template related flaws.

See https://bugzilla.redhat.com/show_bug.cgi?id=1633022 as an example.

Not affected / not reproducible on our released version.

Comment 3 Summer Long 2018-10-30 04:37:27 UTC

OpenStack OpTools 8 and 9 grafana versions do not include net/html, which has the flawed code, setting these to NotAffected.

Comment 7 Joshua Padman 2019-08-21 02:26:51 UTC

Kompose was in DevTools as part of devsuite. Devsuite is now retired (https://developers.redhat.com/products/devsuite/overview/)

Note You need to log in before you can comment on or make changes to this bug.

admiller
ahardin
apevec
bleanhar
bmontgom
bodavis
ccoleman
chrisw
dedgar
dustymabe
eparis
extras-orphan
fpokorny
hchiramm
jarrpa
jburrell
jcajka
jchaloup
jgoulding
jjoyce
jmulligan
jokerman
jpadman
jschluet
kramdoss
kumarpraveen.nitdgp
lhh
lpabon
lpeer
madam
markmc
mburns
mchappel
mmagr
mnewsome
nstielau
ramkrsna
rbryant
rhs-bugs
sclewis
sisharma
slinaber
sponnaga
tdawson
tdecacqu
thrcka