CVE-2021-27918

2021-03-11T00:00:00
ID UB:CVE-2021-27918
Type ubuntucve
Reporter ubuntu.com
Modified 2021-03-11T00:00:00

Description

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

Notes

Author| Note
---|---
mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays.