Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-30633


Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.


Published

2022-08-10T20:15:42.210

Last Modified

2024-11-21T07:03:04.227

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-674

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application golang go < 1.17.12 Yes
Application golang go < 1.18.4 Yes

References