encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

References

groups.google.com/g/golang-announce/c/MfiLYjG-RAw

security.gentoo.org/glsa/202208-02

oraclelinux 3

nessus 23

osv 4

nvd 2

prion 2

openvas 8

ubuntucve 1

suse 1

ibm 13

cve 2

debiancve 1

veracode 1

alpinelinux 1

redhatcve 3

cbl_mariner 1

photon 5

altlinux 2

freebsd 1

redhat 5

cvelist 1

rocky 1

almalinux 1

mageia 1

amazon 2

gentoo 1

oraclelinux

olcne security update

2021-05-29 00:00:00

olcne security update

2021-05-29 00:00:00

go-toolset:ol8 security, bug fix, and enhancement update

2021-08-12 00:00:00

nessus

EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2217)

2021-07-16 00:00:00

Oracle Linux 8 : olcne (ELSA-2021-9267)

2021-05-29 00:00:00

Oracle Linux 7 : olcne (ELSA-2021-9268)

2021-05-29 00:00:00

osv

CVE-2021-27918

2021-03-11 00:15:12

Infinite loop when decoding inputs in encoding/xml

2022-02-17 17:34:24

BIT-golang-2021-27918

2024-03-06 11:06:30

nvd

CVE-2021-27918

2021-03-11 00:15:12

CVE-2021-3703

2022-08-26 16:15:09

prion

Design/Logic Flaw

2021-03-11 00:15:00

Design/Logic Flaw

2022-08-26 16:15:00

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-2061)

2021-07-01 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-1980)

2021-06-29 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-2050)

2021-07-01 00:00:00

ubuntucve

CVE-2021-27918

2021-03-11 00:00:00

suse

Security update for go1.15 (moderate)

2021-03-27 00:00:00

ibm

Security Bulletin: IBM CICS TX Standard is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918).

2023-02-14 21:14:53

Security Bulletin: IBM CICS TX Advanced is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918).

2023-02-14 21:04:36

Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918)

2021-09-03 13:39:16

cve

CVE-2021-27918

2021-03-11 00:15:12

CVE-2021-3703

2022-08-26 16:15:09

debiancve

CVE-2021-27918

2021-03-11 00:15:12

veracode

Denial Of Service (DoS)

2021-03-11 04:13:55

alpinelinux

CVE-2021-27918

2021-03-11 00:15:12

redhatcve

CVE-2021-27918

2021-03-11 18:04:02

CVE-2021-3724

2021-08-19 07:33:26

CVE-2021-3703

2021-09-13 23:23:31

cbl_mariner

CVE-2021-27918 affecting package golang 1.15.7-1

2021-07-08 21:56:48

photon

Important Photon OS Security Update - PHSA-2021-0013

2021-04-22 00:00:00

Important Photon OS Security Update - PHSA-2021-4.0-0013

2021-04-22 00:00:00

Important Photon OS Security Update - PHSA-2021-0248

2021-06-04 00:00:00

altlinux

Security fix for the ALT Linux 9 package golang version 1.15.9-alt1

2021-03-11 00:00:00

Security fix for the ALT Linux 10 package golang version 1.16.1-alt1

2021-03-11 00:00:00

freebsd

go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open

2021-03-05 00:00:00

redhat

(RHSA-2021:2704) Moderate: Release of OpenShift Serverless Client kn 1.16.0

2021-07-13 16:30:23

(RHSA-2021:3076) Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

(RHSA-2021:3555) Moderate: Release of OpenShift Serverless Client kn 1.17.0

2021-09-16 15:05:22

cvelist

CVE-2021-3703

2022-08-26 15:25:40

rocky

go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

almalinux

Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

mageia

Updated golang packages fix security vulnerabilities

2021-07-25 11:34:17

amazon

Important: golang

2022-07-28 21:55:00

Important: golang

2022-09-15 03:57:00

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for CVELIST:CVE-2021-27918