Improper Validation of Array Index
CVE-2018-17848
Summary
The package golang.org/x/net prior to 0.0.0-20190125002852-4b62a64f59f7 in Go mishandles "<math><template><mn><b></template>", leading to a "panic: runtime error" (index out of range) in "(*insertionModeStack).pop" in "node.go", called from "inHeadIM", during an "html.Parse" call.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Advisory Timeline
- Published