6242 matches found
AZL-10531 CVE-2022-28131 affecting package golang for versions less than 1.18.5-1
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...
UBUNTU-CVE-2022-28131
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...
CVE-2022-28131
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...
UBUNTU-CVE-2022-30635
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...
CVE-2022-28131
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...
Design/Logic Flaw
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...
Design/Logic Flaw
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...
golang: encoding/xml: stack exhaustion in Decoder.Skip
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
CVE-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...
SUSE SLED15 / SLES15 Security Update : python-ujson (SUSE-SU-2022:2673-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2673-1 advisory. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected...
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...
[SECURITY] Fedora 35 Update: python-ujson-5.4.0-1.fc35
UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...
golang: encoding/gob: stack exhaustion in Decoder.Decode
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
golang: encoding/xml: stack exhaustion in Decoder.Skip
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
golang: encoding/gob: stack exhaustion in Decoder.Decode
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
golang: encoding/xml: stack exhaustion in Decoder.Skip
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
golang: encoding/xml: stack exhaustion in Decoder.Skip
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
Important: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stac...
[SECURITY] Fedora 36 Update: golang-github-francoispqt-gojay-1.2.13-8.fc36
GoJay is a performant JSON encoder/decoder for Golang currently the most performant, see benchmarks. It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...
Uncontrolled Recursion
Overview std/encoding/xml is a Go standard library package std/encoding/xml Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion. Remediation...