Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-41717

UNKNOWN
Published 2022-12-08T19:03:53.161Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-41717. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Go standard library

net/http

Affected Versions:

0 1.19.0-0
golang.org/x/net

golang.org/x/net/http2

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

golang.org/x/net/http2 vulnerable to possible excessive memory growth

GHSA-xrjj-mj9h-534m

Advisory Details

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Affected Packages

Go golang.org/x/net/http2
ECOSYSTEM: ≥0 <0.4.0
Go golang.org/x/net
ECOSYSTEM: ≥0 <0.4.0

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-41717
WEB https://security.gentoo.org/glsa/202311-09
WEB https://pkg.go.dev/vuln/GO-2022-1144
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2
WEB https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
WEB https://go.dev/issue/56350
WEB https://go.dev/cl/455717
WEB https://go.dev/cl/455635
PACKAGE https://cs.opensource.google/go/x/net

Advisory provided by GitHub Security Advisory Database. Published: December 8, 2022, Modified: May 20, 2024

References

https://go.dev/issue/56350
https://go.dev/cl/455717
https://go.dev/cl/455635
https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
https://pkg.go.dev/vuln/GO-2022-1144
https://lists.fedoraproject.org/archives/list/[email protected]/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/
https://lists.fedoraproject.org/archives/list/[email protected]/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/
https://lists.fedoraproject.org/archives/list/[email protected]/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/
https://lists.fedoraproject.org/archives/list/[email protected]/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/
https://lists.fedoraproject.org/archives/list/[email protected]/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/
https://lists.fedoraproject.org/archives/list/[email protected]/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/
https://lists.fedoraproject.org/archives/list/[email protected]/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/
https://lists.fedoraproject.org/archives/list/[email protected]/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/
https://lists.fedoraproject.org/archives/list/[email protected]/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/
https://lists.fedoraproject.org/archives/list/[email protected]/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/
https://security.gentoo.org/glsa/202311-09
https://lists.fedoraproject.org/archives/list/[email protected]/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/
https://lists.fedoraproject.org/archives/list/[email protected]/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/[email protected]/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/
Published: 2022-12-08T19:03:53.161Z
Last Modified: 2025-02-13T16:33:08.284Z
Copied to clipboard!