5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.003 Low
EPSS
Percentile
68.9%
A security vulnerability has been identified in IBM Spectrum Scale Data Access Services (DAS) where Golang Go is vulnerable to denial of service. A fix for this vulnerability is available.
CVEID:CVE-2022-41717
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in the Go server. By sending a specially-crafted keys, a remote attacker could exploit this vulnerability to cause excessive memory growth, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Scale DAS | 5.1.5.0 - 5.1.6.0 |
For IBM Spectrum Scale Data Access Services (DAS) V5.1.5.0 - V5.1.6.0, install available V5.1.7.0 or newer by following the below IBM Documentation link:
h<https://www.ibm.com/docs/en/ssdas?topic=spectrum-scale-data-access-services-517>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale | eq | 5.1. |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.003 Low
EPSS
Percentile
68.9%