CVE-2021-27918 - log

CVE-2021-27918 edited at 11 Mar 2021 07:47:22
Description
- A security issue was found in Go before versions 1.16.1 and 1.15.9. The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.
+ encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
CVE-2021-27918 edited at 10 Mar 2021 16:46:31
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A security issue was found in Go before versions 1.16.1 and 1.15.9. The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.
References
+ https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
+ https://github.com/golang/go/issues/44913
+ https://github.com/golang/go/commit/d86e53e896eca907ad67300c0bb495e3dd925358
Notes
CVE-2021-27918 created at 10 Mar 2021 16:43:57