CVE-2022-30633

Опубликовано: 12 июл. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.

Затронутые пакеты

Платформа	Пакет	Состояние
Migration Toolkit for Virtualization	migration-toolkit-virtualization/mtv-controller-rhel9	Affected
Node Maintenance Operator	workload-availability/node-maintenance-rhel8-operator	Affected
OpenShift API for Data Protection	oadp/oadp-velero-rhel8	Affected
OpenShift Developer Tools and Services	helm	Fix deferred
OpenShift Developer Tools and Services	odo	Affected
OpenShift Pipelines	openshift-pipelines-client	Affected
Red Hat 3scale API Management Platform 2	3scale-operator-container	Affected
Red Hat Advanced Cluster Management for Kubernetes 2	rhacm2/work-rhel8	Affected
Red Hat Advanced Cluster Security 3	advanced-cluster-security/rhacs-main-rhel8	Affected
Red Hat Ansible Automation Platform 2	openshift-clients	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-1325

https://bugzilla.redhat.com/show_bug.cgi?id=2107392golang: encoding/xml: stack exhaustion in Unmarshal

EPSS

Процентиль: 23%

0.00071

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-30633

CVSS3: 7.5

ubuntu

почти 3 года назад

CVE-2022-30633

CVSS3: 7.5

nvd

почти 3 года назад

CVE-2022-30633

CVSS3: 7.5

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-30633

CVSS3: 7.5

debian

почти 3 года назад

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 ...

GHSA-r9vw-mppf-3883

CVSS3: 7.5

github

почти 3 года назад

EPSS

Процентиль: 23%

0.00071

Низкий

7.5 High

CVSS3