Medium severity5.3NVD Advisory· Published Dec 18, 2024· Updated Apr 15, 2026
CVE-2024-45338
CVE-2024-45338
Description
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
golang.org/x/net/htmlGo | < 0.33.0 | 0.33.0 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/advisories/GHSA-w32m-9786-jp63ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-45338ghsaADVISORY
- cs.opensource.google/go/x/netghsaPACKAGE
- github.com/golang/go/issues/70906ghsaWEB
- go.dev/cl/637536nvdWEB
- go.dev/issue/70906nvdWEB
- groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJnvdWEB
- pkg.go.dev/vuln/GO-2024-3333nvdWEB
- security.netapp.com/advisory/ntap-20250221-0001/nvd
News mentions
0No linked articles in our index yet.