Lucene search
HistoryFeb 28, 2023 - 6:15 p.m.
CVE-2022-41723
cve-2022-41723
http/2
denial of service
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.0%
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Affected configurations
Node
golanggoRange<1.19.6
ORgolanggoMatch1.20.0-
ORgolanghpackRange<0.7.0go
ORgolanghttp2Range<0.7.0go
| CPE | Name | Operator | Version |
|---|---|---|---|
| golang:go | golang go | lt | 1.19.6 |
| golang:go | golang go | eq | 1.20.0 |
| golang:hpack | golang hpack | lt | 0.7.0 |
| golang:http2 | golang http2 | lt | 0.7.0 |
CNA Affected
[
{
"vendor": "Go standard library",
"product": "net/http",
"collectionURL": "https://pkg.go.dev",
"packageName": "net/http",
"versions": [
{
"version": "0",
"lessThan": "1.19.6",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.20.0-0",
"lessThan": "1.20.1",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "Transport.RoundTrip"
},
{
"name": "Server.Serve"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.ServeTLS"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "golang.org/x/net",
"product": "golang.org/x/net/http2",
"collectionURL": "https://pkg.go.dev",
"packageName": "golang.org/x/net/http2",
"versions": [
{
"version": "0",
"lessThan": "0.7.0",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "Transport.RoundTrip"
},
{
"name": "Server.ServeConn"
},
{
"name": "ClientConn.Close"
},
{
"name": "ClientConn.Ping"
},
{
"name": "ClientConn.RoundTrip"
},
{
"name": "ClientConn.Shutdown"
},
{
"name": "ConfigureServer"
},
{
"name": "ConfigureTransport"
},
{
"name": "ConfigureTransports"
},
{
"name": "ConnectionError.Error"
},
{
"name": "ErrCode.String"
},
{
"name": "FrameHeader.String"
},
{
"name": "FrameType.String"
},
{
"name": "FrameWriteRequest.String"
},
{
"name": "Framer.ReadFrame"
},
{
"name": "Framer.WriteContinuation"
},
{
"name": "Framer.WriteData"
},
{
"name": "Framer.WriteDataPadded"
},
{
"name": "Framer.WriteGoAway"
},
{
"name": "Framer.WriteHeaders"
},
{
"name": "Framer.WritePing"
},
{
"name": "Framer.WritePriority"
},
{
"name": "Framer.WritePushPromise"
},
{
"name": "Framer.WriteRSTStream"
},
{
"name": "Framer.WriteRawFrame"
},
{
"name": "Framer.WriteSettings"
},
{
"name": "Framer.WriteSettingsAck"
},
{
"name": "Framer.WriteWindowUpdate"
},
{
"name": "GoAwayError.Error"
},
{
"name": "ReadFrameHeader"
},
{
"name": "Setting.String"
},
{
"name": "SettingID.String"
},
{
"name": "SettingsFrame.ForeachSetting"
},
{
"name": "StreamError.Error"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTripOpt"
},
{
"name": "bufferedWriter.Flush"
},
{
"name": "bufferedWriter.Write"
},
{
"name": "chunkWriter.Write"
},
{
"name": "clientConnPool.GetClientConn"
},
{
"name": "connError.Error"
},
{
"name": "dataBuffer.Read"
},
{
"name": "duplicatePseudoHeaderError.Error"
},
{
"name": "gzipReader.Close"
},
{
"name": "gzipReader.Read"
},
{
"name": "headerFieldNameError.Error"
},
{
"name": "headerFieldValueError.Error"
},
{
"name": "noDialClientConnPool.GetClientConn"
},
{
"name": "noDialH2RoundTripper.RoundTrip"
},
{
"name": "pipe.Read"
},
{
"name": "priorityWriteScheduler.CloseStream"
},
{
"name": "priorityWriteScheduler.OpenStream"
},
{
"name": "pseudoHeaderError.Error"
},
{
"name": "requestBody.Close"
},
{
"name": "requestBody.Read"
},
{
"name": "responseWriter.Flush"
},
{
"name": "responseWriter.FlushError"
},
{
"name": "responseWriter.Push"
},
{
"name": "responseWriter.SetReadDeadline"
},
{
"name": "responseWriter.SetWriteDeadline"
},
{
"name": "responseWriter.Write"
},
{
"name": "responseWriter.WriteHeader"
},
{
"name": "responseWriter.WriteString"
},
{
"name": "serverConn.CloseConn"
},
{
"name": "serverConn.Flush"
},
{
"name": "stickyErrWriter.Write"
},
{
"name": "transportResponseBody.Close"
},
{
"name": "transportResponseBody.Read"
},
{
"name": "writeData.String"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "golang.org/x/net",
"product": "golang.org/x/net/http2/hpack",
"collectionURL": "https://pkg.go.dev",
"packageName": "golang.org/x/net/http2/hpack",
"versions": [
{
"version": "0",
"lessThan": "0.7.0",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "Decoder.parseFieldLiteral"
},
{
"name": "Decoder.readString"
},
{
"name": "Decoder.DecodeFull"
},
{
"name": "Decoder.Write"
}
],
"defaultStatus": "unaffected"
}
]References
go.dev/cl/468135
go.dev/cl/468295
go.dev/issue/57855
groups.google.com/g/golang-announce/c/V0aBFqaFs_E
lists.fedoraproject.org/archives/list/[email protected]/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/
lists.fedoraproject.org/archives/list/[email protected]/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/
lists.fedoraproject.org/archives/list/[email protected]/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/
lists.fedoraproject.org/archives/list/[email protected]/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/
lists.fedoraproject.org/archives/list/[email protected]/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/
lists.fedoraproject.org/archives/list/[email protected]/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/
lists.fedoraproject.org/archives/list/[email protected]/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/
pkg.go.dev/vuln/GO-2023-1571
security.gentoo.org/glsa/202311-09
www.couchbase.com/alerts/
Related
fedora
fedora
[SECURITY] Fedora 37 Update: golang-github-cli-crypto-0-0.2.20230331git6be313f.fc37
2023-04-20 02:54:37
[SECURITY] Fedora 37 Update: golang-github-cli-oauth-1.0.1-2.fc37
2023-04-20 02:54:37
[SECURITY] Fedora 37 Update: doctl-1.93.1-2.fc37
2023-04-22 00:55:39
osv
osv
Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
2023-02-16 22:31:36
BIT-golang-2022-41723
2024-03-06 10:57:47
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
2023-02-17 14:00:02
cbl_mariner
cbl_mariner
CVE-2022-41723 affecting package telegraf for versions less than 1.26.0-2
2023-04-16 01:05:11
CVE-2022-41723 affecting package skopeo for versions less than 1.12.0-3
2023-08-30 15:15:49
CVE-2022-41723 affecting package kubevirt for versions less than 0.59.0-15
2024-03-21 08:09:05
debiancve
debiancve
CVE-2022-41723
2023-02-28 18:15:09
redos
redos
ROS-20231030-04
2023-10-30 00:00:00
redhatcve
redhatcve
CVE-2022-41723
2023-03-14 23:43:00
CVE-2024-4436
2024-05-06 17:25:37
ubuntucve
ubuntucve
CVE-2022-41723
2023-02-28 00:00:00
CVE-2024-4436
2024-05-08 00:00:00
nessus
nessus
Fedora 39 : google-guest-agent (2023-ffa2112211)
2023-11-07 00:00:00
Amazon Linux AMI : docker (ALAS-2023-1881)
2023-11-03 00:00:00
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2023-337)
2023-09-08 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Golang Go affect IBM Cloud Pak System [CVE-2022-41723]
2023-11-22 18:01:45
Security Bulletin: A vulnerability in Golang Go package affects Data Replication on Cloud Pak for Data
2023-11-07 21:20:47
Security Bulletin: CVE-2022-41723 may affect IBM CICS TX Advanced
2023-03-29 19:12:14
openvas
openvas
Fedora: Security Advisory for skopeo (FEDORA-2023-28c182b657)
2023-04-13 00:00:00
cgr
cgr
CVE-2022-41723 vulnerabilities
2024-05-19 03:07:16
redhat
redhat
amazon
amazon
Important: cni-plugins
2023-08-03 18:10:00
Important: docker
2023-10-30 23:31:00
Important: rclone
2023-07-17 17:40:00
veracode
veracode
Denial Of Service (DoS)
2023-02-18 18:10:53
Denial Of Service (DoS)
2023-02-26 12:22:40
github
github
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
2023-02-17 14:00:02
cvelist
cvelist
gitlab
gitlab
Uncontrolled Resource Consumption
2023-02-17 00:00:00
wolfi
wolfi
CVE-2022-41723 vulnerabilities
2024-06-29 09:08:33
nvd
nvd
CVE-2022-41723
2023-02-28 18:15:09
CVE-2024-4436
2024-05-08 09:15:09
alpinelinux
alpinelinux
CVE-2022-41723
2023-02-28 18:15:09
prion
prion
Code injection
2023-02-28 18:15:00
cve
cve
CVE-2024-4436
2024-05-08 09:15:09
vulnrichment
vulnrichment
CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform
2024-05-08 08:57:12
freebsd
freebsd
go -- multiple vulnerabilities
2023-02-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.6-alt1
2023-02-22 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2023-03-24 08:55:49
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.0%
Related for CVE-2022-41723