net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

CPENameOperatorVersion
go/golang.org/x/net/http2lt0.0.0-20211209124913-491a49abca63

CPE	Name	Operator	Version
	go/golang.org/x/net/http2	lt	0.0.0-20211209124913-491a49abca63

References

github.com/advisories/GHSA-vc3p-29h2-gpcp

go.dev/cl/369794

go.dev/issue/50058

groups.google.com/g/golang-announce/c/hcmEScgc00k

lists.debian.org/debian-lts-announce/2022/01/msg00016.html

lists.debian.org/debian-lts-announce/2022/01/msg00017.html

nvd.nist.gov/vuln/detail/CVE-2021-44716

pkg.go.dev/vuln/GO-2022-0288

security.gentoo.org/glsa/202208-02

security.netapp.com/advisory/ntap-20220121-0002/

cve 2

nessus 46

redhat 24

veracode 1

osv 12

cbl_mariner 24

openvas 19

cvelist 2

debiancve 1

ibm 28

prion 1

nvd 2

redhatcve 2

almalinux 2

alpinelinux 1

ubuntucve 2

github 2

oraclelinux 2

rocky 2

fedora 4

altlinux 1

freebsd 1

suse 3

mageia 1

vulnrichment 1

photon 5

debian 3

amazon 3

ics 1

gentoo 1

cve

CVE-2021-44716

2022-01-01 05:15:08

CVE-2024-4437

2024-05-08 09:15:09

nessus

RHEL 8 : grafana (RHSA-2022:0002)

2022-01-03 00:00:00

RHEL 7 : web-admin-build (RHSA-2022:1628)

2022-04-27 00:00:00

RHEL 8 : grafana (RHSA-2022:0001)

2022-01-03 00:00:00

redhat

(RHSA-2022:0001) Important: grafana security update

2022-01-03 07:30:31

(RHSA-2022:0587) Important: Service Telemetry Framework 1.3 (sg-core-container) security update

2022-02-21 13:46:03

(RHSA-2022:0002) Important: grafana security update

2022-01-03 07:30:41

veracode

Denial Of Service (DoS)

2021-12-14 20:52:35

osv

Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints

2022-01-12 22:33:04

Unbounded memory growth in net/http and golang.org/x/net/http2

2022-07-15 23:08:33

Important: grafana security update

2022-01-03 07:30:31

cbl_mariner

CVE-2021-44716 affecting package kube-vip-cloud-provider for versions less than 0.0.2-16

2024-02-09 19:07:07

CVE-2021-44716 affecting package flannel for versions less than 0.14.0-21

2024-02-07 20:35:28

CVE-2021-44716 affecting package rook for versions less than 1.6.2-19

2024-02-25 03:00:06

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1345)

2022-03-29 00:00:00

Fedora: Security Advisory for golang (FEDORA-2021-29943703de)

2022-01-01 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1487)

2022-04-20 00:00:00

cvelist

CVE-2021-44716

2022-01-01 00:00:00

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

2024-05-08 08:57:40

debiancve

CVE-2021-44716

2022-01-01 05:15:08

ibm

Security Bulletin: IBM DataPower Operator potentially vulnerable to Denial of Service (CVE-2021-44716)

2022-06-20 16:28:32

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2021-44716

2022-05-05 14:22:01

Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2021-44716

2022-05-26 15:08:37

prion

Design/Logic Flaw

2022-01-01 05:15:00

nvd

CVE-2021-44716

2022-01-01 05:15:08

CVE-2024-4437

2024-05-08 09:15:09

redhatcve

CVE-2021-44716

2022-05-07 14:12:12

CVE-2024-4437

2024-05-06 17:25:42

almalinux

Important: grafana security update

2022-01-03 07:30:31

Important: go-toolset:rhel8 security and bug fix update

2021-12-15 16:11:05

alpinelinux

CVE-2021-44716

2022-01-01 05:15:08

ubuntucve

CVE-2021-44716

2022-01-01 00:00:00

CVE-2024-4437

2024-05-08 00:00:00

github

Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints

2022-01-12 22:33:04

golang.org/x/net/http2 allows uncontrolled memory consumption

2022-01-02 00:00:48

oraclelinux

grafana security update

2022-01-04 00:00:00

go-toolset:ol8 security and bug fix update

2021-12-16 00:00:00

rocky

grafana security update

2022-01-03 07:30:31

go-toolset:rhel8 security and bug fix update

2021-12-15 16:11:05

fedora

[SECURITY] Fedora 35 Update: grafana-7.5.11-3.fc35

2022-01-28 01:36:39

[SECURITY] Fedora 34 Update: golang-1.16.12-1.fc34

2021-12-30 01:43:52

[SECURITY] Fedora 34 Update: grafana-7.5.11-3.fc34

2022-01-27 19:38:51

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.5-alt1

2021-12-09 00:00:00

freebsd

go -- multiple vulnerabilities

2021-12-08 00:00:00

suse

Security update for go1.16 (moderate)

2021-12-23 00:00:00

Security update for go1.17 (moderate)

2021-12-23 00:00:00

Security update for go1.16 (moderate)

2021-12-26 00:00:00

mageia

Updated golang packages fix security vulnerability

2021-12-26 03:14:13

vulnrichment

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

2024-05-08 08:57:40

photon

Important Photon OS Security Update - PHSA-2022-0154

2022-02-07 00:00:00

Important Photon OS Security Update - PHSA-2022-0440

2022-02-07 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0154

2022-02-17 00:00:00

debian

[SECURITY] [DLA 2892-1] golang-1.7 security update

2022-01-21 22:02:47

[SECURITY] [DLA 2891-1] golang-1.8 security update

2022-01-21 22:02:40

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-19 21:42:48

amazon

Important: golang

2022-04-25 15:59:00

Important: golang

2022-07-06 03:11:00

Important: golang

2022-04-25 03:47:00

ics

Siemens Brownfield Connectivity Gateway

2023-02-16 12:00:00

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.003 Low

EPSS

Percentile

69.5%

JSON

Related for GITLAB-858C0C2CB55205D95D36F2279B073965