Lucene search

CVE-2021-27918

🗓️ 11 Mar 2021 00:12:15Reported by [email protected]Type

Go infinite loop vulnerability with custom TokenReader

Reporter	Title	Published	Views	Family All 95
Tenable Nessus	openSUSE Security Update : go1.15 (openSUSE-2021-480)	29 Mar 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2217)	16 Jul 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-1980)	28 Jun 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2050)	1 Jul 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2061)	1 Jul 202100:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:0938-1)	26 Mar 202100:00	–	nessus
Tenable Nessus	RHEL 7 : cli (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
Tenable Nessus	Photon OS 4.0: Go PHSA-2021-4.0-0013	29 Apr 202100:00	–	nessus
Tenable Nessus	FreeBSD : go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open (72709326-81f7-11eb-950a-00155d646401)	11 Mar 202100:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:0937-1)	26 Mar 202100:00	–	nessus

Nvd

Node

golang goRange<1.15.9

golang goRange1.16.0–1.16.1

Source	Link
groups	www.groups.google.com/g/golang-announce/c/MfiLYjG-RAw
security	www.security.gentoo.org/glsa/202208-02

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Mar 2021 00:15Current

CVSS25

CVSS37.5

EPSS0.00094

CWE-835

cve-2021-27918 encoding/xml go infinite loop tokenreader xml.newtokendecoder eof element decode decodeelement skip