Skip to main content

Improper Validation of Array Index

CVE-2018-17848

Severity High
Score 7.5/10

Summary

The package golang.org/x/net prior to 0.0.0-20190125002852-4b62a64f59f7 in Go mishandles "<math><template><mn><b></template>", leading to a "panic: runtime error" (index out of range) in "(*insertionModeStack).pop" in "node.go", called from "inHeadIM", during an "html.Parse" call.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-129 - Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Advisory Timeline

  • Published