High severity7.5NVD Advisory· Published May 26, 2021· Updated Jun 17, 2026
CVE-2021-33194
CVE-2021-33194
Description
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
golang.org/x/netGo | < 0.0.0-20210520170846-37e1c6afe023 | 0.0.0-20210520170846-37e1c6afe023 |
Affected products
16- golang.org/x/golang.org/x/netdescription
- osv-coords15 versionspkg:apk/chainguard/grpcurlpkg:apk/chainguard/heypkg:apk/chainguard/k3dpkg:apk/chainguard/k3d-proxypkg:apk/chainguard/k3d-toolspkg:apk/chainguard/terraform-provider-sendgridpkg:apk/chainguard/terraform-provider-sendgrid-fipspkg:apk/wolfi/grpcurlpkg:apk/wolfi/heypkg:apk/wolfi/k3dpkg:apk/wolfi/k3d-proxypkg:apk/wolfi/k3d-toolspkg:apk/wolfi/terraform-provider-sendgridpkg:bitnami/golangpkg:golang/golang.org/x/net
< 1.8.7-r7+ 14 more
- (no CPE)range: < 1.8.7-r7
- (no CPE)range: < 0.1.4-r3
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.8.7-r7
- (no CPE)range: < 0.1.4-r3
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.15.12
- (no CPE)range: < 0.0.0-20210520170846-37e1c6afe023
Patches
Vulnerability mechanics
References
10- github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-83g2-8m93-v3w7ghsaADVISORY
- groups.google.com/g/golang-announce/c/wPunbCPkWUgnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-33194ghsaADVISORY
- go.dev/cl/311090ghsaWEB
- go.dev/issue/46288ghsaWEB
- go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTMghsaWEB
- pkg.go.dev/vuln/GO-2021-0238ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/nvd
News mentions
0No linked articles in our index yet.