CVE-2022-30633

Summary

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

Affected Software

VendorProductVersion RangeStatus
Go standard libraryencoding/xml0 < 1.17.12affected
Go standard libraryencoding/xml1.18.0-0 < 1.18.4affected

Weaknesses

  • CWE-674: Uncontrolled Recursion

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References