High severity7.5NVD Advisory· Published Sep 17, 2018· Updated Jun 17, 2026
CVE-2018-17143
CVE-2018-17143
Description
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
golang.org/x/netGo | < 0.0.0-20180921000356-2f5d2388922f | 0.0.0-20180921000356-2f5d2388922f |
Affected products
1Patches
Vulnerability mechanics
References
11- go-review.googlesource.com/c/net/+/136575nvdPatchVendor AdvisoryWEB
- github.com/golang/go/issues/27704nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-fcf9-6fv2-fc5vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-17143ghsaADVISORY
- go.dev/issue/27704ghsaWEB
- go.googlesource.com/net/+/2f5d2388922f370f4355f327fcf4cfe9f5583908ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHONghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBKghsaWEB
- pkg.go.dev/vuln/GO-2022-0193ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK/nvd
News mentions
0No linked articles in our index yet.