Search for vulnerabilities
Vulnerability details: VCID-ftf6-7n4e-aaaf
Vulnerability ID VCID-ftf6-7n4e-aaaf
Aliases CVE-2022-30633
Summary Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-674 Uncontrolled Recursion
CWE-1325 Improperly Controlled Sequential Memory Allocation
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:5775
rhas Important https://access.redhat.com/errata/RHSA-2022:5799
rhas Important https://access.redhat.com/errata/RHSA-2022:5866
rhas Important https://access.redhat.com/errata/RHSA-2022:6040
rhas Important https://access.redhat.com/errata/RHSA-2022:6042
rhas Important https://access.redhat.com/errata/RHSA-2022:6113
rhas Important https://access.redhat.com/errata/RHSA-2022:6188
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30633.json
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00218 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00218 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00218 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
epss 0.00218 https://api.first.org/data/v1/epss?cve=CVE-2022-30633
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2107392
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30633
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30633
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30633.json
https://api.first.org/data/v1/epss?cve=CVE-2022-30633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/417061
https://go.dev/issue/53611
https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://pkg.go.dev/vuln/GO-2022-0523
2107392 https://bugzilla.redhat.com/show_bug.cgi?id=2107392
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVE-2022-30633 https://nvd.nist.gov/vuln/detail/CVE-2022-30633
RHSA-2022:5775 https://access.redhat.com/errata/RHSA-2022:5775
RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
RHSA-2022:5866 https://access.redhat.com/errata/RHSA-2022:5866
RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
RHSA-2022:6113 https://access.redhat.com/errata/RHSA-2022:6113
RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152
RHSA-2022:6188 https://access.redhat.com/errata/RHSA-2022:6188
RHSA-2022:6283 https://access.redhat.com/errata/RHSA-2022:6283
RHSA-2022:6345 https://access.redhat.com/errata/RHSA-2022:6345
RHSA-2022:6346 https://access.redhat.com/errata/RHSA-2022:6346
RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347
RHSA-2022:6348 https://access.redhat.com/errata/RHSA-2022:6348
RHSA-2022:6370 https://access.redhat.com/errata/RHSA-2022:6370
RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519
RHSA-2022:7529 https://access.redhat.com/errata/RHSA-2022:7529
RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057
RHSA-2022:9047 https://access.redhat.com/errata/RHSA-2022:9047
RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407
RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758
RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802
RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
USN-6038-1 https://usn.ubuntu.com/6038-1/
USN-6038-2 https://usn.ubuntu.com/6038-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30633.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-30633
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-30633
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.17676
EPSS Score 0.00067
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.