admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-306xx/CVE-2022-30633.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

161 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-30633",
"sourceIdentifier": "security@golang.org",
"published": "2022-08-10T20:15:42.210",
"lastModified": "2024-11-21T07:03:04.227",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag."
},
{
"lang": "es",
"value": "Una recursi\u00f3n no controlada en Unmarshal en encoding/xml versiones anteriores a Go 1.17.12 y Go 1.18.4 permite a un atacante causar un p\u00e1nico debido al agotamiento de la pila por medio de unmarshal de un documento XML en una estructura Go que presenta un campo anidado que usa la etiqueta de campo 'any'"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17.12",
"matchCriteriaId": "646881F6-A299-4D92-A1F3-E95959FA426F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.18.0",
"versionEndExcluding": "1.18.4",
"matchCriteriaId": "FE088A2D-7894-4A48-887C-36DD727A7BEB"
}
]
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/417061",
"source": "security@golang.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://go.dev/issue/53611",
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08",
"source": "security@golang.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"source": "security@golang.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-0523",
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://go.dev/cl/417061",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://go.dev/issue/53611",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-0523",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink