#1127320 golang-golang-x-net: CVE-2025-58190

Package:
src:golang-golang-x-net
Source:
src:golang-golang-x-net
Submitter:
Salvatore Bonaccorso
Date:
2026-03-16 19:27:02 UTC
Severity:
normal
Tags:
#1127320#5
Date:
2026-02-06 21:46:52 UTC
From:
To:
Hi,

The following vulnerability was published for golang-golang-x-net.

CVE-2025-58190[0]:
| The html.Parse function in golang.org/x/net/html has an infinite
| parsing loop when processing certain inputs, which can lead to
| denial of service (DoS) if an attacker provides specially crafted
| HTML content.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-58190
https://www.cve.org/CVERecord?id=CVE-2025-58190
[1] https://github.com/golang/go/issues/70179
[2] https://github.com/golang/net/commit/6ec8895aa5f6594da7356da7d341b98133629009

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
#1127320#12
Date:
2026-03-16 19:25:57 UTC
From:
To:
Source: linux
Source-Version: 1:0.47.0-1
#1127320#17
Date:
2026-03-16 19:25:57 UTC
From:
To:
Source: linux
Source-Version: 1:0.47.0-1