Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2021-27918

Published: August 31, 2023Last modified: August 31, 2023

Description

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

Severity score breakdown

ParameterValue
Base score7.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSgoNot affected (1.19.9-r1)
StreamgoNot affected (1.21.0-r2)

References

ON THIS PAGE