Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-41717

Опубликовано: 08 дек. 2022
Источник: debian

Описание

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.19fixed1.19.4-1package
golang-1.18fixed1.18.9-1package
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage
golang-golang-x-netfixed1:0.4.0+dfsg-1package
golang-golang-x-netno-dsabullseyepackage
golang-golang-x-net-devremovedpackage
golang-golang-x-net-devpostponedbusterpackage

Примечания

  • https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU

  • https://go.dev/issue/56350

  • https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)

  • https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)

  • https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4 (v0.4.0)

Связанные уязвимости

ubuntu логотип

CVE-2022-41717

CVSS3: 5.3
ubuntu
больше 2 лет назад

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

redhat логотип

CVE-2022-41717

CVSS3: 5.3
redhat
больше 2 лет назад

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

nvd логотип

CVE-2022-41717

CVSS3: 5.3
nvd
больше 2 лет назад

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

msrc логотип

CVE-2022-41717

CVSS3: 5.3
msrc
больше 2 лет назад

Описание отсутствует

github логотип

GHSA-xrjj-mj9h-534m

CVSS3: 5.3
github
больше 2 лет назад

golang.org/x/net/http2 vulnerable to possible excessive memory growth