Uncontrolled Recursion in Go's encoding/xml Decoder.Skip (before 1.17.12/1.18.4)
CVE-2022-28131 Published on August 10, 2022

Stack exhaustion from deeply nested XML documents in encoding/xml
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

NVD

Products Associated with CVE-2022-28131

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-28131 are published in these products:

GoLang Go

Fedora Project Fedora

NetApp Cloud Insights Telegraf

Canonical Ubuntu Linux

Affected Versions

Go standard library encoding/xml:

Before 1.17.12 is affected.
Version 1.18.0-0 and below 1.18.4 is affected.

Exploit Probability

EPSS

0.01%

Percentile

2.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Uncontrolled Recursion in Go's encoding/xml Decoder.Skip (before 1.17.12/1.18.4)CVE-2022-28131 Published on August 10, 2022

Products Associated with CVE-2022-28131

Affected Versions

Exploit Probability

Uncontrolled Recursion in Go's encoding/xml Decoder.Skip (before 1.17.12/1.18.4)
CVE-2022-28131 Published on August 10, 2022