UBUNTU-CVE-2025-47911

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-47911

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-47911

Upstream

CVE-2025-47911

Published

2026-02-05T18:16:00Z

Modified

2026-02-23T07:04:14.875177Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

References

Affected packages

Ubuntu:20.04:LTS

lxd

Package

Name: lxd
Purl: pkg:deb/ubuntu/lxd@1:0.10?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.7

1:0.8

1:0.9

1:0.10

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.10",
            "binary_name": "lxd"
        },
        {
            "binary_version": "1:0.10",
            "binary_name": "lxd-client"
        },
        {
            "binary_version": "1:0.10",
            "binary_name": "lxd-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

Ubuntu:25.10

golang-golang-x-net

Package

Name: golang-golang-x-net
Purl: pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.27.0-1

1:0.27.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.27.0-2",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

Ubuntu:Pro:16.04:LTS

golang-golang-x-net-dev

Package

Name: golang-golang-x-net-dev
Purl: pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0+git20150226.3d87fd6-3

0.0+git20151007.b846920+dfsg-1

1:0.*

1:0.0+git20150817.66f0418-1

1:0.0+git20160110.4fd4a9f-1

1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1",
            "binary_name": "golang-go.net-dev"
        },
        {
            "binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

juju-core

Package

Name: juju-core
Purl: pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.24.6-0ubuntu3

1.25.0-0ubuntu1

1.25.0-0ubuntu2

1.25.0-0ubuntu3

2.*

2.0~beta4-0ubuntu2

2.0~beta6-0ubuntu1.16.04.1

2.0~beta7-0ubuntu1.16.04.1

2.0~beta12-0ubuntu1.16.04.1

2.0~beta15-0ubuntu2.16.04.1

2.0.0-0ubuntu0.16.04.2

2.0.2-0ubuntu0.16.04.1

2.0.2-0ubuntu0.16.04.2

2.3.1-0ubuntu0.16.04.1

2.3.2-0ubuntu0.16.04.1

2.3.7-0ubuntu0.16.04.1

2.3.7-0ubuntu0.16.04.1+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.3.7-0ubuntu0.16.04.1+esm1",
            "binary_name": "juju"
        },
        {
            "binary_version": "2.3.7-0ubuntu0.16.04.1+esm1",
            "binary_name": "juju-2.0"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

lxd

Package

Name: lxd
Purl: pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.20-0ubuntu4

0.21-0ubuntu3

0.21-0ubuntu5

0.22-0ubuntu1

0.22-0ubuntu2

0.23-0ubuntu1

0.23-0ubuntu2

0.23-0ubuntu3

0.24-0ubuntu2

0.24-0ubuntu3

0.24-0ubuntu4

0.25-0ubuntu1

0.26-0ubuntu2

0.26-0ubuntu3

0.27-0ubuntu1

0.27-0ubuntu2

2.*

2.0.0~beta1-0ubuntu3

2.0.0~beta1-0ubuntu4

2.0.0~beta2-0ubuntu1

2.0.0~beta2-0ubuntu2

2.0.0~beta3-0ubuntu1

2.0.0~beta3-0ubuntu2

2.0.0~beta3-0ubuntu3

2.0.0~beta3-0ubuntu4

2.0.0~beta4-0ubuntu1

2.0.0~beta4-0ubuntu2

2.0.0~beta4-0ubuntu3

2.0.0~beta4-0ubuntu4

2.0.0~beta4-0ubuntu5

2.0.0~beta4-0ubuntu6

2.0.0~beta4-0ubuntu7

2.0.0~rc1-0ubuntu1

2.0.0~rc1-0ubuntu2

2.0.0~rc1-0ubuntu3

2.0.0~rc2-0ubuntu2

2.0.0~rc2-0ubuntu3

2.0.0~rc3-0ubuntu1

2.0.0~rc3-0ubuntu2

2.0.0~rc3-0ubuntu3

2.0.0~rc3-0ubuntu4

2.0.0~rc4-0ubuntu1

2.0.0~rc5-0ubuntu1

2.0.0~rc6-0ubuntu1

2.0.0~rc6-0ubuntu2

2.0.0~rc7-0ubuntu1

2.0.0~rc7-0ubuntu2

2.0.0~rc8-0ubuntu1

2.0.0~rc8-0ubuntu2

2.0.0~rc8-0ubuntu3

2.0.0~rc8-0ubuntu5

2.0.0~rc8-0ubuntu6

2.0.0~rc8-0ubuntu7

2.0.0~rc9-0ubuntu2

2.0.0~rc9-0ubuntu3

2.0.0~rc9-0ubuntu4

2.0.0~rc9-0ubuntu5

2.0.0-0ubuntu1

2.0.0-0ubuntu2

2.0.0-0ubuntu3

2.0.0-0ubuntu4

2.0.1-0ubuntu1~16.04.1

2.0.2-0ubuntu1~16.04.1

2.0.3-0ubuntu1~ubuntu16.04.2

2.0.4-0ubuntu1~ubuntu16.04.1

2.0.5-0ubuntu1~ubuntu16.04.1

2.0.8-0ubuntu1~ubuntu16.04.1

2.0.8-0ubuntu1~ubuntu16.04.2

2.0.9-0ubuntu1~16.04.1

2.0.9-0ubuntu1~16.04.2

2.0.10-0ubuntu1~16.04.1

2.0.10-0ubuntu1~16.04.2

2.0.11-0ubuntu1~16.04.2

2.0.11-0ubuntu1~16.04.4

2.0.11-0ubuntu1~16.04.4+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
            "binary_name": "golang-github-lxc-lxd-dev"
        },
        {
            "binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
            "binary_name": "lxc2"
        },
        {
            "binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
            "binary_name": "lxd"
        },
        {
            "binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
            "binary_name": "lxd-client"
        },
        {
            "binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
            "binary_name": "lxd-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

Ubuntu:Pro:18.04:LTS

lxd

Package

Name: lxd
Purl: pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.18-0ubuntu6

2.19-0ubuntu1

2.20-0ubuntu3

2.20-0ubuntu4

2.21-0ubuntu1

2.21-0ubuntu2

2.21-0ubuntu3

2.21-0ubuntu4

3.*

3.0.0~beta2-0ubuntu3

3.0.0~beta3-0ubuntu3

3.0.0~beta5-0ubuntu2

3.0.0~beta7-0ubuntu1

3.0.0-0ubuntu1

3.0.0-0ubuntu2

3.0.0-0ubuntu3

3.0.0-0ubuntu4

3.0.1-0ubuntu1~18.04.1

3.0.2-0ubuntu1~18.04.1

3.0.3-0ubuntu1~18.04.1

3.0.3-0ubuntu1~18.04.2

3.0.3-0ubuntu1~18.04.2+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.0.3-0ubuntu1~18.04.2+esm1",
            "binary_name": "lxd"
        },
        {
            "binary_version": "3.0.3-0ubuntu1~18.04.2+esm1",
            "binary_name": "lxd-client"
        },
        {
            "binary_version": "3.0.3-0ubuntu1~18.04.2+esm1",
            "binary_name": "lxd-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

golang-golang-x-net-dev

Package

Name: golang-golang-x-net-dev
Purl: pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1

1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2

1:0.0+git20170629.c81e7f2+dfsg-2

1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1",
            "binary_name": "golang-go.net-dev"
        },
        {
            "binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

Ubuntu:Pro:20.04:LTS

golang-golang-x-net-dev

Package

Name: golang-golang-x-net-dev
Purl: pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.0+git20190811.74dc4d7+dfsg-1

1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1",
            "binary_name": "golang-go.net-dev"
        },
        {
            "binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

Ubuntu:Pro:22.04:LTS

golang-golang-x-net

Package

Name: golang-golang-x-net
Purl: pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.0+git20210119.5f4716e+dfsg-4

1:0.0+git20210805.aaa1db6+dfsg-1

1:0.0+git20211209.491a49a+dfsg-1

1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"

Ubuntu:Pro:24.04:LTS

golang-golang-x-net

Package

Name: golang-golang-x-net
Purl: pkg:deb/ubuntu/golang-golang-x-net@1:0.21.0+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.10.0-1

1:0.17.0+dfsg-1

1:0.20.0+dfsg-1

1:0.21.0+dfsg-1

1:0.21.0+dfsg-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.21.0+dfsg-1ubuntu0.1~esm1",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47911.json"