Lucene search
K

23 matches found

OSV
OSV
added 2026/04/06 11:8 p.m.2 views

GHSA-378J-3JFJ-8R9F go-ipld-prime: DAG-CBOR decoder unbounded memory allocation from CBOR headers

The DAG-CBOR decoder uses collection sizes declared in CBOR headers as Go preallocation hints for maps and lists. The decoder does not cap these size hints or account for their cost in its allocation budget, allowing small payloads to cause excessive memory allocation. A CBOR map or list header c...

6.2CVSS6.1AI score0.00156EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:59 a.m.26 views

BIT-GOLANG-2022-30633 Stack exhaustion when unmarshaling certain documents in encoding/xml

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

7.5CVSS7.7AI score0.01618EPSS
Exploits0References6
OSV
OSV
added 2024/03/05 11:15 p.m.5 views

AZL-35585 CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-8

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35583 CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/05/16 8:59 a.m.8 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/05/16 8:49 a.m.6 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/24 12:51 p.m.10 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/08 9:43 a.m.5 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/08/10 8:15 p.m.1 views

CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

7.5CVSS5.8AI score0.01618EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/08/10 8:15 p.m.29 views

CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

7.5CVSS7.4AI score
Exploits0References5
OSV
OSV
added 2022/08/10 8:15 p.m.6 views

AZL-79040 CVE-2022-30633 affecting package golang 1.25.7-1

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

7.5CVSS6.7AI score0.01618EPSS
Exploits0References1
OSV
OSV
added 2022/08/10 8:15 p.m.8 views

AZL-10536 CVE-2022-30633 affecting package golang for versions less than 1.18.5-1

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

7.5CVSS6.7AI score0.01618EPSS
Exploits0References1
OSV
OSV
added 2022/08/10 8:15 p.m.3 views

UBUNTU-CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

7.5CVSS6.7AI score0.01618EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/10 11:39 a.m.8 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/08/09 8:16 p.m.1 views

CVE-2022-30633 Stack exhaustion when unmarshaling certain documents in encoding/xml

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

7.3AI score0.01618EPSS
Exploits0References5
CVE
CVE
added 2022/08/09 8:16 p.m.379 views

CVE-2022-30633

The CVE-2022-30633 incident affects Go's encoding/xml package: Unmarshal can panic due to stack exhaustion when unmarshalling XML into a struct with nested fields using the any tag, in Go versions prior to 1.17.12 and 1.18.4. The published advisories (including ALAS2023-2023-046, ALAS2023-2023-04...

7.5CVSS7.7AI score0.01618EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2022/08/02 9:56 a.m.7 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/08/01 4:7 p.m.6 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/08/01 12:10 p.m.5 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
Snyk
Snyk
added 2022/07/20 8:52 p.m.2 views

Uncontrolled Recursion

Overview std/encoding/xml is a Go standard library package std/encoding/xml Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Unmarshaling an XML document into a Go struct which has a nested field that uses the 'any' field tag can panic due to...

8.7CVSS6.9AI score0.01618EPSS
Exploits0References3
Rows per page
Query Builder