alpine · CVE-2022-28131

Quick triage

Priority: high 公開: Updated:

参照: Official alpine advisory, NVD, CVE.org · CVE 詳細

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2022-28131: 1 source package rows (go); 55 state rows across 7 repos (3.17-community, 3.18-community, 3.19-community, 3.20-community, 3.21-community, 3.22-community, edge-community); fixed 7, open 48.

Description:

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

cvelogic Threat Intelligence