Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2022-30633

HIGH7.5

Stack exhaustion when unmarshaling certain documents in encoding/xml

Published Aug 9, 2022

Modified 1 years ago

No fix available

Details

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

References

WEBhttps://go.dev/cl/417061 WEBhttps://go.dev/issue/53611 WEBhttps://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 WEBhttps://groups.google.com/g/golang-announce/c/nqrv9fbR0zE WEBhttps://pkg.go.dev/vuln/GO-2022-0523 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2022-30633

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedAug 9, 2022

ModifiedAug 3, 2024

CVE-2022-30633 | Mondoo Vulnerability Intelligence