#1127321 golang-golang-x-net: CVE-2025-47911

Package:
src:golang-golang-x-net
Source:
src:golang-golang-x-net
Submitter:
Salvatore Bonaccorso
Date:
2026-03-16 19:27:03 UTC
Severity:
normal
Tags:
#1127321#5
Date:
2026-02-06 21:47:46 UTC
From:
To:
Hi,

The following vulnerability was published for golang-golang-x-net.

CVE-2025-47911[0]:
| The html.Parse function in golang.org/x/net/html has quadratic
| parsing complexity when processing certain inputs, which can lead to
| denial of service (DoS) if an attacker provides specially crafted
| HTML content.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-47911
https://www.cve.org/CVERecord?id=CVE-2025-47911
[1] https://github.com/golang/go/issues/75682
[2] https://github.com/golang/net/commit/59706cdaa8f95502fdec64b67b4c61d6ca58727d

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
#1127321#12
Date:
2026-03-16 19:25:57 UTC
From:
To:
Source: linux
Source-Version: 1:0.47.0-1
#1127321#17
Date:
2026-03-16 19:25:57 UTC
From:
To:
Source: linux
Source-Version: 1:0.47.0-1