Описание
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client.
Отчет
Red Hat Product Security does not consider this to be a vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Migration Toolkit for Containers | rhmtc/openshift-migration-controller-rhel8 | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8 | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8 | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8 | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8 | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-velero-plugin-rhel8 | Not affected | ||
| OpenShift API for Data Protection | oadp/oadp-kubevirt-velero-plugin-rhel9 | Not affected | ||
| OpenShift API for Data Protection | oadp/oadp-rhel8-operator | Not affected | ||
| OpenShift API for Data Protection | oadp/oadp-velero-plugin-for-aws-rhel9 | Not affected | ||
| OpenShift API for Data Protection | oadp/oadp-velero-plugin-for-csi-rhel8 | Not affected |
Показывать по
Дополнительная информация
EPSS
Связанные уязвимости
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client.
Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service
EPSS