[GO-2022-1144] Excessive memory growth in net/http and golang.org/x/net/http2
Severity: Medium
Affected Packages: 3
Fixed Packages: 3
CVEs: 1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2
requests.
HTTP/2 server connections contain a cache of HTTP header keys sent by the
client. While the total number of entries in this cache is capped, an attacker
sending very large keys can cause the server to allocate approximately 64 MiB
per open connection.
Package | Affected Version |
---|---|
pkg:golang/net/http | >= 1.19.3, < 1.18.9 |
pkg:golang/net/http | >= 1.19.3, < 1.19.4 |
pkg:golang/golang.org/x/net/http2 | >= 0.3.0, < 0.4.0 |
Package | Fixed Version |
---|---|
pkg:golang/net/http | = 1.18.9 |
pkg:golang/net/http | = 1.19.4 |
pkg:golang/golang.org/x/net/http2 | = 0.4.0 |
- ID: GO-2022-1144
- Severity: medium
- Severity from: CVE-2022-41717
- URL: https://pkg.go.dev/vuln/GO-2022-1144
- Published: 2022-12-08T17:16:22 (21 months ago)
- Modified: 2024-07-17T19:54:18 (2 months ago)
- Other Advisories:
- ALAS-2023-1731
- ALAS-2023-1848
- ALAS2-2023-1926
- ALPINE:CVE-2022-41717
- ALSA-2023:2204
- ALSA-2023:2222
- ALSA-2023:2236
- ALSA-2023:2253
- ALSA-2023:2282
- ALSA-2023:2283
- ALSA-2023:2357
- ALSA-2023:2367
- ALSA-2023:2758
- ALSA-2023:2780
- ALSA-2023:2802
- ALSA-2023:2866
- ALSA-2023:6420
- ELSA-2023-18908
- ELSA-2023-2204
- ELSA-2023-2222
- ELSA-2023-2253
- ELSA-2023-2282
- ELSA-2023-2283
- ELSA-2023-2357
- ELSA-2023-2367
- ELSA-2023-2758
- ELSA-2023-2780
- ELSA-2023-2802
- ELSA-2023-2866
- ELSA-2023-6420
- FEDORA-2023-0c354a3f9a
- FEDORA-2023-0fa7715821
- FEDORA-2023-0fff8bc164
- FEDORA-2023-2663dc67d8
- FEDORA-2023-267503a090
- FEDORA-2023-2df9d60e4c
- FEDORA-2023-322314ad50
- FEDORA-2023-327346caa5
- FEDORA-2023-3baf3f43a0
- FEDORA-2023-3dba09f630
- FEDORA-2023-4e2068ba5d
- FEDORA-2023-5eca6a8326
- FEDORA-2023-62ce942e75
- FEDORA-2023-6550d9323b
- FEDORA-2023-6cfe7492c1
- FEDORA-2023-6d71ff268e
- FEDORA-2023-70eb8ba61e
- FEDORA-2023-74e5545901
- FEDORA-2023-8b700042ac
- FEDORA-2023-8c02aee138
- FEDORA-2023-8ecc0e487e
- FEDORA-2023-946dfaf17f
- FEDORA-2023-a5a5542890
- FEDORA-2023-aa7c75ed4a
- FEDORA-2023-abb47e24d8
- FEDORA-2023-ac4651c9b2
- FEDORA-2023-af2e3d1c18
- FEDORA-2023-c0149844e2
- FEDORA-2023-c9b2182a4e
- FEDORA-2023-ca444fdecf
- FEDORA-2023-cb3a59a3df
- FEDORA-2023-ce2836acfa
- FEDORA-2023-e16469fdec
- FEDORA-2023-e359fd31d2
- FEDORA-2023-e82fd2abcb
- FEDORA-2023-e8c27ba884
- FEDORA-2023-ee472c698c
- FEDORA-2023-f4bd7ab2f7
- FEDORA-2024-ae653fb07b
- FEDORA-2024-b85b97c0e9
- FEDORA-2024-fb32950d11
- FEDORA-2024-fd3545a844
- FREEBSD:6F5192F5-75A7-11ED-83C0-411D43CE7FE4
- GLSA-202311-09
- MS:CVE-2022-41717
- RHSA-2023:0328
- RHSA-2023:0446
- RHSA-2023:2204
- RHSA-2023:2222
- RHSA-2023:2236
- RHSA-2023:2253
- RHSA-2023:2282
- RHSA-2023:2283
- RHSA-2023:2357
- RHSA-2023:2367
- RHSA-2023:2758
- RHSA-2023:2780
- RHSA-2023:2802
- RHSA-2023:2866
- RHSA-2023:6420
- SUSE-SU-2022:4397-1
- SUSE-SU-2022:4398-1
- SUSE-SU-2023:2312-1
- USN-6038-1
- USN-6038-2
Source | # ID | Name | URL |
---|---|---|---|
Security Advisory | | | https://github.com/advisories/GHSA-xrjj-mj9h-534m |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:golang/net/http | net | http | = 1.18.9 | | | |
Affected | pkg:golang/net/http | net | http | >= 1.19.3 < 1.18.9 | | | |
Fixed | pkg:golang/net/http | net | http | = 1.19.4 | | | |
Affected | pkg:golang/net/http | net | http | >= 1.19.3 < 1.19.4 | | | |
Fixed | pkg:golang/golang.org/x/net/http2 | golang.org/x/net | http2 | = 0.4.0 | | | |
Affected | pkg:golang/golang.org/x/net/http2 | golang.org/x/net | http2 | >= 0.3.0 < 0.4.0 | | | |