Amazon Linux 2 : golang-github-kr-pty (ALAS-2022-1864)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1864 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-2439)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack...

Important: golist

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

golang: encoding/xml: stack exhaustion in Decoder.Skip

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

Stack exhaustion when unmarshaling certain documents in encoding/xml

...

CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

AZL-79000 CVE-2022-28131 affecting package golang 1.25.7-1

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

DEBIAN-CVE-2022-28131

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

CVE-2022-28131

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

CVE-2022-28131

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

UBUNTU-CVE-2022-28131

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

UBUNTU-CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

CVE-2022-28131

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

Design/Logic Flaw

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

Important: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.24.0

Release of OpenShift Serverless Client kn 1.24.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

CVE-2022-30633

The CVE-2022-30633 incident affects Go's encoding/xml package: Unmarshal can panic due to stack exhaustion when unmarshalling XML into a struct with nested fields using the any tag, in Go versions prior to 1.17.12 and 1.18.4. The published advisories (including ALAS2023-2023-046, ALAS2023-2023-04...