CVE-2022-41721

Опубликовано: 13 янв. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

Релиз	Статус	Примечание
bionic	DNE
devel	not-affected	1:0.7.0+dfsg-1
esm-apps/jammy	not-affected	code not present
esm-infra/focal	DNE
focal	DNE
jammy	not-affected	code not present
kinetic	ignored	end of life, was needed
lunar	not-affected	1:0.7.0+dfsg-1
trusty	ignored	end of standard support
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	code not present
esm-apps/bionic	not-affected	code not present
esm-apps/xenial	not-affected	code not present
esm-infra/focal	not-affected	code not present
focal	not-affected	code not present
jammy	not-affected	code not present
kinetic	not-affected	code not present
lunar	not-affected	code not present
trusty	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%

0.00087

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-41721

CVSS3: 7.5

redhat

около 3 лет назад

CVE-2022-41721

CVSS3: 7.5

nvd

около 3 лет назад

CVE-2022-41721

CVSS3: 7.5

msrc

около 3 лет назад

Request smuggling due to improper request handling in golang.org/x/net/http2/h2c

CVE-2022-41721

CVSS3: 7.5

debian

около 3 лет назад

A request smuggling attack is possible when using MaxBytesHandler. Whe ...

GHSA-fxg5-wq6x-vr4w

CVSS3: 7.5

github

около 3 лет назад

golang.org/x/net/http2/h2c vulnerable to request smuggling attack

EPSS

Процентиль: 25%

0.00087

Низкий

7.5 High

CVSS3

CVE-2022-41721

Описание

Пакет golang-golang-x-net

Пакет google-guest-agent

Ссылки на источники

Связанные уязвимости