Linux Distros Unpatched Vulnerability : CVE-2020-29510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows a...

SUSE CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

SUSE CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

golang: encoding/xml: stack exhaustion in Decoder.Skip

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

UBUNTU-CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

...

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

...

DEBIAN-CVE-2020-29509

The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

Google Go encoding security vulnerability

Google Go encoding is a code library from Google Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in the Go encoding/xml package that stems from not properly preserving the semantics of attribute namespace prefixes during tokenizatio...

PT-2020-17182 · Go +1 · Encoding/Xml Package +1

Name of the Vulnerable Software and Affected Versions: encoding/xml package in Go all versions Description: The issue arises from the encoding/xml package in Go not correctly preserving the semantics of element namespace prefixes during tokenization round-trips. This allows an attacker to craft...