CVE-2021-33194

Name

CVE-2021-33194

Description

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
CONFIRM	https://groups.google.com/g/golang-announce/c/wPunbCPkWUg
MISC	https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:golang:go::::::::`	go	>= None	<= 1.15.12
`cpe:2.3:a:golang:go::::::::`	go	>= 1.16.0	<= 1.16.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status