exploitDog

CVE-2022-28131

Published: 12 Jul 2022
Source: redhat
CVSS3: 7.3
EPSS: Low

Description

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

A flaw was found in golang encoding/xml. When Decoder.Skip is called while parsing a deeply nested XML document, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-controller-rhel9 | Affected | | |
| Node Maintenance Operator | workload-availability/node-maintenance-rhel8-operator | Affected | | |
| OpenShift API for Data Protection | oadp/oadp-velero-rhel8 | Affected | | |
| OpenShift Developer Tools and Services | helm | Fix deferred | | |
| OpenShift Developer Tools and Services | odo | Affected | | |
| OpenShift Pipelines | openshift-pipelines-client | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-operator-container | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/work-rhel8 | Affected | | |
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Affected | | |
| Red Hat Ansible Automation Platform 2 | openshift-clients | Affected | | |

Additional information

Status: Moderate
Weakness: CWE-1325
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2107390 (golang: encoding/xml: stack exhaustion in Decoder.Skip)

EPSS: 0.00012 (percentile: 1%), Low

CVSS3: 7.3 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 3 years ago

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

CVSS3: 7.5
nvd
almost 3 years ago

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

CVSS3: 7.5
msrc
almost 3 years ago

No description available

CVSS3: 7.5
debian
almost 3 years ago

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...

CVSS3: 7.5
github
almost 3 years ago

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
