CVE-2024-45338
cAdvisor vulnerability analysis and mitigation

Overview

A vulnerability was discovered in golang.org/x/net's HTML parsing functionality, identified as CVE-2024-45338. The issue was reported by Guido Vranken and disclosed on December 18, 2024. The vulnerability affects the Parse functions in the golang.org/x/net/html package, which can be exploited to cause non-linear processing of case-insensitive content (Go Issue, Go Announce).

Technical details

The vulnerability exists in the Parse functions of the golang.org/x/net/html package where input processing occurs non-linearly with respect to its length. The issue has been assigned a CVSS 3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The vulnerability is classified under CWE-1333 (Inefficient Regular Expression Complexity) (NVD).

Impact

When exploited, this vulnerability can result in extremely slow parsing of specially crafted inputs, leading to a denial of service condition. The impact primarily affects the availability of services using the vulnerable package (Go Vuln).

Mitigation and workarounds

The vulnerability has been fixed in golang.org/x/net version v0.33.0. Users are advised to upgrade to this version or later to address the security issue. The fix was implemented through a commit that addresses the non-linear parsing behavior (Go Announce).
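
To check a module against this guidance, the version of golang.org/x/net pinned in its go.mod can be compared with v0.33.0. The sketch below is an added example, not code from the Go project or from the original page. The function names xnetVersion and vulnerable are hypothetical, the sample go.mod is constructed, and replace directives are not resolved.

```go
package main

import (
	"fmt"
	"strings"
)

// xnetVersion returns the golang.org/x/net version required in go.mod text,
// from a single-line or block "require". Replace directives are not resolved.
func xnetVersion(gomod string) (string, bool) {
	block := "" // directive whose "( ... )" block we are inside
	for _, raw := range strings.Split(gomod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop "// indirect" comments
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[1] == "(":
			block = f[0]
		case len(f) == 1 && f[0] == ")":
			block = ""
		case block == "" && len(f) == 3 && f[0] == "require" && f[1] == "golang.org/x/net":
			return f[2], true
		case block == "require" && len(f) == 2 && f[0] == "golang.org/x/net":
			return f[1], true
		}
	}
	return "", false
}

// vulnerable reports whether version sorts before the fixed release v0.33.0.
// Build metadata after "+" is ignored by the scan.
func vulnerable(version string) (bool, error) {
	core, pre, _ := strings.Cut(version, "-")
	var major, minor, patch int
	if _, err := fmt.Sscanf(core, "v%d.%d.%d", &major, &minor, &patch); err != nil {
		return false, fmt.Errorf("unexpected version %q: %v", version, err)
	}
	if major != 0 || minor != 33 || patch != 0 {
		return major == 0 && minor < 33, nil
	}
	return pre != "", nil // v0.33.0-... is a pre-release and sorts before v0.33.0
}

func main() {
	// Constructed sample go.mod, not from a real project.
	sample := "module example.test/app\n\nrequire (\n\tgolang.org/x/net v0.31.0 // indirect\n)\n"
	if v, ok := xnetVersion(sample); ok {
		bad, err := vulnerable(v)
		fmt.Println(v, "predates fix:", bad, err)
	}
}
```

A go.mod only records the minimum required version, so the version actually selected for a build should be confirmed with the Go toolchain's own module listing.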

This report was generated using AI.
