
CVE-2022-41717

Published: 08 Dec 2022
Source: debian
EPSS: Low

Description

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-1.19 | fixed | 1.19.4-1 | | package |
| golang-1.18 | fixed | 1.18.9-1 | | package |
| golang-1.15 | removed | | | package |
| golang-1.15 | no-dsa | | bullseye | package |
| golang-1.11 | removed | | | package |
| golang-1.11 | postponed | | buster | package |
| golang-golang-x-net | fixed | 1:0.4.0+dfsg-1 | | package |
| golang-golang-x-net | no-dsa | | bullseye | package |
| golang-golang-x-net-dev | removed | | | package |
| golang-golang-x-net-dev | postponed | | buster | package |

Notes

  • https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU

  • https://go.dev/issue/56350

  • https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)

  • https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)

  • https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4 (v0.4.0)

EPSS

Percentile: 67%
0.00541
Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 3 years ago

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

CVSS3: 5.3
redhat
about 3 years ago

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

CVSS3: 5.3
nvd
about 3 years ago

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

CVSS3: 5.3
msrc
about 3 years ago

No description available

CVSS3: 5.3
github
about 3 years ago

golang.org/x/net/http2 vulnerable to possible excessive memory growth
