23 matches found
GHSA-378J-3JFJ-8R9F go-ipld-prime: DAG-CBOR decoder unbounded memory allocation from CBOR headers
The DAG-CBOR decoder uses collection sizes declared in CBOR headers as Go preallocation hints for maps and lists. The decoder does not cap these size hints or account for their cost in its allocation budget, allowing small payloads to cause excessive memory allocation. A CBOR map or list header c...
BIT-GOLANG-2022-30633 Stack exhaustion when unmarshaling certain documents in encoding/xml
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
AZL-35583 CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35585 CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-8
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
AZL-79040 CVE-2022-30633 affecting package golang 1.25.7-1
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
AZL-10536 CVE-2022-30633 affecting package golang for versions less than 1.18.5-1
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
CVE-2022-30633
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
CVE-2022-30633
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
UBUNTU-CVE-2022-30633
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
CVE-2022-30633
The CVE-2022-30633 incident affects Go's encoding/xml package: Unmarshal can panic due to stack exhaustion when unmarshalling XML into a struct with nested fields using the any tag, in Go versions prior to 1.17.12 and 1.18.4. The published advisories (including ALAS2023-2023-046, ALAS2023-2023-04...
CVE-2022-30633 Stack exhaustion when unmarshaling certain documents in encoding/xml
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
GO-2022-0523 Stack exhaustion when unmarshaling certain documents in encoding/xml
Unmarshaling an XML document into a Go struct which has a nested field that uses the 'any' field tag can panic due to stack exhaustion...