Lucene search
GoCVELIST:CVE-2022-41723HistoryFeb 28, 2023 - 5:19 p.m.
CVE-2022-41723 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
2023-02-2817:19:45
Go
www.cve.org
10
denial of service
crafted http/2
hpack decoder
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "net/http",
"collectionURL": "https://pkg.go.dev",
"packageName": "net/http",
"versions": [
{
"version": "0",
"lessThan": "1.19.6",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.20.0-0",
"lessThan": "1.20.1",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "Transport.RoundTrip"
},
{
"name": "Server.Serve"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.ServeTLS"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "golang.org/x/net",
"product": "golang.org/x/net/http2",
"collectionURL": "https://pkg.go.dev",
"packageName": "golang.org/x/net/http2",
"versions": [
{
"version": "0",
"lessThan": "0.7.0",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "Transport.RoundTrip"
},
{
"name": "Server.ServeConn"
},
{
"name": "ClientConn.Close"
},
{
"name": "ClientConn.Ping"
},
{
"name": "ClientConn.RoundTrip"
},
{
"name": "ClientConn.Shutdown"
},
{
"name": "ConfigureServer"
},
{
"name": "ConfigureTransport"
},
{
"name": "ConfigureTransports"
},
{
"name": "ConnectionError.Error"
},
{
"name": "ErrCode.String"
},
{
"name": "FrameHeader.String"
},
{
"name": "FrameType.String"
},
{
"name": "FrameWriteRequest.String"
},
{
"name": "Framer.ReadFrame"
},
{
"name": "Framer.WriteContinuation"
},
{
"name": "Framer.WriteData"
},
{
"name": "Framer.WriteDataPadded"
},
{
"name": "Framer.WriteGoAway"
},
{
"name": "Framer.WriteHeaders"
},
{
"name": "Framer.WritePing"
},
{
"name": "Framer.WritePriority"
},
{
"name": "Framer.WritePushPromise"
},
{
"name": "Framer.WriteRSTStream"
},
{
"name": "Framer.WriteRawFrame"
},
{
"name": "Framer.WriteSettings"
},
{
"name": "Framer.WriteSettingsAck"
},
{
"name": "Framer.WriteWindowUpdate"
},
{
"name": "GoAwayError.Error"
},
{
"name": "ReadFrameHeader"
},
{
"name": "Setting.String"
},
{
"name": "SettingID.String"
},
{
"name": "SettingsFrame.ForeachSetting"
},
{
"name": "StreamError.Error"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTripOpt"
},
{
"name": "bufferedWriter.Flush"
},
{
"name": "bufferedWriter.Write"
},
{
"name": "chunkWriter.Write"
},
{
"name": "clientConnPool.GetClientConn"
},
{
"name": "connError.Error"
},
{
"name": "dataBuffer.Read"
},
{
"name": "duplicatePseudoHeaderError.Error"
},
{
"name": "gzipReader.Close"
},
{
"name": "gzipReader.Read"
},
{
"name": "headerFieldNameError.Error"
},
{
"name": "headerFieldValueError.Error"
},
{
"name": "noDialClientConnPool.GetClientConn"
},
{
"name": "noDialH2RoundTripper.RoundTrip"
},
{
"name": "pipe.Read"
},
{
"name": "priorityWriteScheduler.CloseStream"
},
{
"name": "priorityWriteScheduler.OpenStream"
},
{
"name": "pseudoHeaderError.Error"
},
{
"name": "requestBody.Close"
},
{
"name": "requestBody.Read"
},
{
"name": "responseWriter.Flush"
},
{
"name": "responseWriter.FlushError"
},
{
"name": "responseWriter.Push"
},
{
"name": "responseWriter.SetReadDeadline"
},
{
"name": "responseWriter.SetWriteDeadline"
},
{
"name": "responseWriter.Write"
},
{
"name": "responseWriter.WriteHeader"
},
{
"name": "responseWriter.WriteString"
},
{
"name": "serverConn.CloseConn"
},
{
"name": "serverConn.Flush"
},
{
"name": "stickyErrWriter.Write"
},
{
"name": "transportResponseBody.Close"
},
{
"name": "transportResponseBody.Read"
},
{
"name": "writeData.String"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "golang.org/x/net",
"product": "golang.org/x/net/http2/hpack",
"collectionURL": "https://pkg.go.dev",
"packageName": "golang.org/x/net/http2/hpack",
"versions": [
{
"version": "0",
"lessThan": "0.7.0",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "Decoder.parseFieldLiteral"
},
{
"name": "Decoder.readString"
},
{
"name": "Decoder.DecodeFull"
},
{
"name": "Decoder.Write"
}
],
"defaultStatus": "unaffected"
}
]References
go.dev/cl/468135
go.dev/cl/468295
go.dev/issue/57855
groups.google.com/g/golang-announce/c/V0aBFqaFs_E
lists.fedoraproject.org/archives/list/[email protected]/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/
lists.fedoraproject.org/archives/list/[email protected]/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/
lists.fedoraproject.org/archives/list/[email protected]/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/
lists.fedoraproject.org/archives/list/[email protected]/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/
lists.fedoraproject.org/archives/list/[email protected]/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/
lists.fedoraproject.org/archives/list/[email protected]/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/
lists.fedoraproject.org/archives/list/[email protected]/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/
pkg.go.dev/vuln/GO-2023-1571
security.gentoo.org/glsa/202311-09
www.couchbase.com/alerts/
Related
ibm
ibm
Security Bulletin: CVE-2022-41723 may affect IBM CICS TX Advanced
2023-03-29 19:12:14
Security Bulletin: CVE-2022-41723 may affect IBM CICS TX Standard
2023-03-29 19:07:06
fedora
fedora
[SECURITY] Fedora 37 Update: skopeo-1.11.2-1.fc37
2023-04-12 01:34:16
[SECURITY] Fedora 37 Update: golang-github-cli-gh-1.2.1-2.fc37
2023-04-20 02:54:37
nessus
nessus
Fedora 38 : skopeo (2023-ccaf5538dd)
2023-04-15 00:00:00
Fedora 37 : gh / golang-github-cenkalti-backoff / golang-github-cli-crypto / etc (2023-cb20f08a4e)
2023-04-20 00:00:00
Fedora 37 : doctl / golang-github-digitalocean-godo (2023-3737bc1c0a)
2023-04-24 00:00:00
amazon
amazon
Important: cni-plugins
2023-08-03 18:10:00
Important: rclone
2023-07-17 17:40:00
Important: docker
2023-10-30 23:31:00
redhat
redhat
openvas
openvas
osv
osv
CGA-q6fm-wm37-mmvv
2024-06-06 12:28:58
CGA-fxmp-f2c7-xgg5
2024-06-06 12:27:17
CGA-7wrx-wmfg-5cp8
2024-06-06 12:25:04
cgr
cgr
CVE-2022-41723 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2022-41723 affecting package kubevirt for versions less than 0.59.0-15
2024-03-21 08:09:05
CVE-2022-41723 affecting package skopeo for versions less than 1.12.0-3
2023-08-30 15:15:49
CVE-2022-41723 affecting package telegraf for versions less than 1.26.0-2
2023-04-16 01:05:11
veracode
veracode
Denial Of Service (DoS)
2023-02-18 18:10:53
Denial Of Service (DoS)
2023-02-26 12:22:40
github
github
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
2023-02-17 14:00:02
debiancve
debiancve
CVE-2022-41723
2023-02-28 18:15:09
ubuntucve
ubuntucve
CVE-2022-41723
2023-02-28 00:00:00
CVE-2024-4436
2024-05-08 00:00:00
redhatcve
redhatcve
CVE-2022-41723
2023-03-14 23:43:00
CVE-2024-4436
2024-05-06 17:25:37
redos
redos
ROS-20231030-04
2023-10-30 00:00:00
cve
cve
CVE-2022-41723
2023-02-28 18:15:09
CVE-2024-4436
2024-05-08 09:15:09
alpinelinux
alpinelinux
CVE-2022-41723
2023-02-28 18:15:09
prion
prion
Code injection
2023-02-28 18:15:00
nvd
nvd
CVE-2022-41723
2023-02-28 18:15:09
CVE-2024-4436
2024-05-08 09:15:09
gitlab
gitlab
Uncontrolled Resource Consumption
2023-02-17 00:00:00
wolfi
wolfi
CVE-2022-41723 vulnerabilities
2024-09-30 03:53:08
cvelist
cvelist
CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform
2024-05-08 08:57:12
vulnrichment
vulnrichment
CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform
2024-05-08 08:57:12