CVE-2022-41723

Published: 17 Feb 2023
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

Report

Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container, so the impact could not cascade across the entire infrastructure. This vulnerability is rated Moderate impact.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Not affected | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel8-operator | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/lokistack-gateway-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/opa-openshift-rhel8 | Not affected | | |
| Migration Toolkit for Applications 6 | mta/mta-admin-addon-rhel8 | Will not fix | | |
| Migration Toolkit for Applications 6 | mta/mta-windup-addon-rhel9 | Affected | | |
| Network Observability Operator | network-observability/network-observability-ebpf-agent-rhel8 | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2178358 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

EPSS

Percentile: 50%
0.00272
Low

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 3 years ago

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

CVSS3: 7.5
nvd
about 3 years ago

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

CVSS3: 7.5
msrc
about 1 year ago

Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

CVSS3: 7.5
debian
about 3 years ago

A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ...

CVSS3: 7.5
github
about 3 years ago

golang.org/x/net vulnerable to Uncontrolled Resource Consumption
