Search CVE reports
1 – 2 of 2 results
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing,...
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-golang-x-net | Needs evaluation | Needs evaluation | Not in release | Not in release |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected |
| containerd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation |
| adsys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| juju-core | — | — | — | — |
| lxd | — | — | Needs evaluation | Needs evaluation |
Some fixes available 11 of 13
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
7 affected packages
lxd, adsys, golang-golang-x-net, golang-golang-x-net-dev, juju-core...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Not affected | Not affected |
| adsys | Fixed | Fixed | Fixed | — |
| golang-golang-x-net | Fixed | Fixed | Not in release | — |
| golang-golang-x-net-dev | Not in release | Not in release | Fixed | Fixed |
| juju-core | Not in release | Not in release | Not in release | — |
| containerd | Not affected | Not affected | Not affected | Not affected |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected |