CVE-2021-27918

Published: 11/03/2021 Updated: 13/12/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

encoding/xml in Go prior to 1.15.9 and 1.16.x prior to 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
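
A regression check for the condition described above, as an added example that is not from the advisory or the Go project: `truncatedReader`, `checkDecodeTerminates` and `errHang` are hypothetical names, and the token sequence is constructed. On a fixed toolchain `Decode` returns an "unexpected EOF" syntax error; on an affected one the call never returns and the timeout reports it.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"time"
)

// truncatedReader is a constructed xml.TokenReader: it hands out the given
// tokens and then io.EOF, even though an element is still open.
type truncatedReader struct{ tokens []xml.Token }

func (r *truncatedReader) Token() (xml.Token, error) {
	if len(r.tokens) == 0 {
		return nil, io.EOF // EOF in the middle of <doc>
	}
	t := r.tokens[0]
	r.tokens = r.tokens[1:]
	return t, nil
}

var errHang = errors.New("Decode did not return: toolchain affected by CVE-2021-27918")

// checkDecodeTerminates runs Decode on the truncated stream in a goroutine
// and returns Decode's error, or errHang if it is still running after limit.
func checkDecodeTerminates(limit time.Duration) error {
	src := &truncatedReader{tokens: []xml.Token{
		xml.StartElement{Name: xml.Name{Local: "doc"}},
		xml.CharData("partial"),
	}}
	done := make(chan error, 1) // buffered so the goroutine never blocks
	go func() {
		var v struct {
			Text string `xml:",chardata"`
		}
		done <- xml.NewTokenDecoder(src).Decode(&v)
	}()
	select {
	case err := <-done:
		return err
	case <-time.After(limit):
		return errHang
	}
}

func main() {
	fmt.Println(checkDecodeTerminates(2 * time.Second))
}
```

Code that implements its own `TokenReader` on an unpatched toolchain needs the same kind of deadline around `Decode`, `DecodeElement` and `Skip`, since the loop does not end by itself.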

Vulnerable Product

golang go

Vendor Advisories

A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic, resulting in a denial of service. The highest threat from this vulnera ...
A security issue was found in Go before versions 1.16.1 and 1.15.9. The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element ...