Описание
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-agent-rhel9 | Under investigation | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-controller-rhel9 | Under investigation | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-controller-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-git-cloner-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-bundler-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-processing-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-rhel9-operator | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-shared-resource-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-shared-resource-webhook-rhel9 | Under investigation |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Lack of limit when parsing cookies can cause memory exhaustion in net/http
Despite HTTP headers having a default limit of 1MB, the number of cook ...
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
EPSS
5.3 Medium
CVSS3