The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.

References

access.redhat.com/errata/RHSA-2024:3352

access.redhat.com/errata/RHSA-2024:3467

access.redhat.com/security/cve/CVE-2024-4437

bugzilla.redhat.com/show_bug.cgi?id=2279361

cve 2

cvelist 2

redhatcve 2

vulnrichment 1

ubuntucve 2

debiancve 1

nessus 46

redhat 24

ibm 28

prion 1

cbl_mariner 24

nvd 1

almalinux 2

osv 12

alpinelinux 1

github 2

oraclelinux 2

rocky 2

veracode 1

gitlab 1

openvas 19

fedora 4

altlinux 1

freebsd 1

suse 3

mageia 1

photon 5

debian 3

amazon 3

ics 1

gentoo 1

cve

CVE-2024-4437

2024-05-08 09:15:09

CVE-2021-44716

2022-01-01 05:15:08

cvelist

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

2024-05-08 08:57:40

CVE-2021-44716

2022-01-01 00:00:00

redhatcve

CVE-2024-4437

2024-05-06 17:25:42

CVE-2021-44716

2022-05-07 14:12:12

vulnrichment

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

2024-05-08 08:57:40

ubuntucve

CVE-2024-4437

2024-05-08 00:00:00

CVE-2021-44716

2022-01-01 00:00:00

debiancve

CVE-2021-44716

2022-01-01 05:15:08

nessus

RHEL 8 : grafana (RHSA-2022:0001)

2022-01-03 00:00:00

Rocky Linux 8 : grafana (RLSA-2022:0001)

2023-11-07 00:00:00

Oracle Linux 8 : grafana (ELSA-2022-0001)

2022-01-04 00:00:00

redhat

(RHSA-2022:0587) Important: Service Telemetry Framework 1.3 (sg-core-container) security update

2022-02-21 13:46:03

(RHSA-2022:0002) Important: grafana security update

2022-01-03 07:30:41

(RHSA-2022:1628) Important: web-admin-build security update

2022-04-27 10:41:42

ibm

Security Bulletin: IBM DataPower Operator potentially vulnerable to Denial of Service (CVE-2021-44716)

2022-06-20 16:28:32

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2021-44716

2022-05-05 14:22:01

Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2021-44716

2022-05-26 15:08:37

prion

Design/Logic Flaw

2022-01-01 05:15:00

cbl_mariner

CVE-2021-44716 affecting package golang 1.16.10-1

2022-01-26 22:53:50

CVE-2021-44716 affecting package local-path-provisioner for versions less than 0.0.21-16

2024-02-09 19:07:07

CVE-2021-44716 affecting package libcontainers-common for versions less than 20210626-3

2024-02-07 20:35:28

nvd

CVE-2021-44716

2022-01-01 05:15:08

almalinux

Important: grafana security update

2022-01-03 07:30:31

Important: go-toolset:rhel8 security and bug fix update

2021-12-15 16:11:05

osv

golang.org/x/net/http2 allows uncontrolled memory consumption

2022-01-02 00:00:48

BIT-golang-2021-44716

2024-03-06 11:03:30

Important: grafana security update

2022-01-03 07:30:31

alpinelinux

CVE-2021-44716

2022-01-01 05:15:08

github

Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints

2022-01-12 22:33:04

golang.org/x/net/http2 allows uncontrolled memory consumption

2022-01-02 00:00:48

oraclelinux

grafana security update

2022-01-04 00:00:00

go-toolset:ol8 security and bug fix update

2021-12-16 00:00:00

rocky

grafana security update

2022-01-03 07:30:31

go-toolset:rhel8 security and bug fix update

2021-12-15 16:11:05

veracode

Denial Of Service (DoS)

2021-12-14 20:52:35

gitlab

Uncontrolled Resource Consumption

2022-01-02 00:00:00

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1345)

2022-03-29 00:00:00

Fedora: Security Advisory for golang (FEDORA-2021-29943703de)

2022-01-01 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1487)

2022-04-20 00:00:00

fedora

[SECURITY] Fedora 34 Update: golang-1.16.12-1.fc34

2021-12-30 01:43:52

[SECURITY] Fedora 34 Update: grafana-7.5.11-3.fc34

2022-01-27 19:38:51

[SECURITY] Fedora 35 Update: golang-1.16.12-1.fc35

2021-12-30 01:19:52

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.5-alt1

2021-12-09 00:00:00

freebsd

go -- multiple vulnerabilities

2021-12-08 00:00:00

suse

Security update for go1.16 (moderate)

2021-12-23 00:00:00

Security update for go1.17 (moderate)

2021-12-23 00:00:00

Security update for go1.16 (moderate)

2021-12-26 00:00:00

mageia

Updated golang packages fix security vulnerability

2021-12-26 03:14:13

photon

Important Photon OS Security Update - PHSA-2022-0154

2022-02-07 00:00:00

Important Photon OS Security Update - PHSA-2022-0440

2022-02-07 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0154

2022-02-17 00:00:00

debian

[SECURITY] [DLA 2892-1] golang-1.7 security update

2022-01-21 22:02:47

[SECURITY] [DLA 2891-1] golang-1.8 security update

2022-01-21 22:02:40

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-19 21:42:48

amazon

Important: golang

2022-04-25 15:59:00

Important: golang

2022-07-06 03:11:00

Important: golang

2022-04-25 03:47:00

ics

Siemens Brownfield Connectivity Gateway

2023-02-16 12:00:00

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

JSON

Related for NVD:CVE-2024-4437

cve2 cvelist2 redhatcve2 vulnrichment1 ubuntucve2 debiancve1 nessus46 redhat24 ibm28 prion1 cbl_mariner24 nvd1 almalinux2 osv12 alpinelinux1 github2 oraclelinux2 rocky2 veracode1 gitlab1 openvas19 fedora4 altlinux1 freebsd1 suse3 mageia1 photon5 debian3 amazon3 ics1 gentoo1