Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-41723HistoryFeb 28, 2023 - 6:15 p.m.
CVE-2022-41723
2023-02-2818:15:09
Alpine Linux Development Team
security.alpinelinux.org
38
http/2 stream
denial of service
hpack decoder
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.0%
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | go | < 1.20.1-r0 | UNKNOWN |
| Alpine | edge-community | noarch | podman | < 4.4.3-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | go | < 1.19.6-r0 | UNKNOWN |
| Alpine | 3.18-community | noarch | go | < 1.20.1-r0 | UNKNOWN |
| Alpine | 3.18-community | noarch | podman | < 4.4.3-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | go | < 1.20.1-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | podman | < 4.4.3-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | go | < 1.20.1-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | podman | < 4.4.3-r0 | UNKNOWN |
Related
nessus
nessus
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-142)
2023-03-23 00:00:00
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2023-337)
2023-09-08 00:00:00
Amazon Linux AMI : docker (ALAS-2023-1881)
2023-11-03 00:00:00
osv
osv
Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
2023-02-16 22:31:36
BIT-golang-2022-41723
2024-03-06 10:57:47
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
2023-02-17 14:00:02
fedora
fedora
[SECURITY] Fedora 37 Update: golang-github-cli-oauth-1.0.1-2.fc37
2023-04-20 02:54:37
[SECURITY] Fedora 37 Update: golang-github-cli-crypto-0-0.2.20230331git6be313f.fc37
2023-04-20 02:54:37
[SECURITY] Fedora 37 Update: golang-github-cenkalti-backoff-4.2.0-2.fc37
2023-04-20 02:54:37
cbl_mariner
cbl_mariner
CVE-2022-41723 affecting package telegraf for versions less than 1.26.0-2
2023-04-16 01:05:11
CVE-2022-41723 affecting package skopeo for versions less than 1.12.0-3
2023-08-30 15:15:49
CVE-2022-41723 affecting package kubevirt for versions less than 0.59.0-15
2024-03-21 08:09:05
openvas
openvas
ubuntucve
ubuntucve
CVE-2022-41723
2023-02-28 00:00:00
CVE-2024-4436
2024-05-08 00:00:00
redhatcve
redhatcve
CVE-2022-41723
2023-03-14 23:43:00
CVE-2024-4436
2024-05-06 17:25:37
debiancve
debiancve
CVE-2022-41723
2023-02-28 18:15:09
redos
redos
ROS-20231030-04
2023-10-30 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Golang Go affect IBM Cloud Pak System [CVE-2022-41723]
2023-11-22 18:01:45
Security Bulletin: A vulnerability in Golang Go package affects Data Replication on Cloud Pak for Data
2023-11-07 21:20:47
Security Bulletin: CVE-2022-41723 may affect IBM CICS TX Advanced
2023-03-29 19:12:14
cgr
cgr
CVE-2022-41723 vulnerabilities
2024-05-19 03:07:16
redhat
redhat
amazon
amazon
Important: cni-plugins
2023-08-03 18:10:00
Important: rclone
2023-07-17 17:40:00
Important: docker
2023-10-30 23:31:00
veracode
veracode
Denial Of Service (DoS)
2023-02-18 18:10:53
Denial Of Service (DoS)
2023-02-26 12:22:40
github
github
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
2023-02-17 14:00:02
gitlab
gitlab
Uncontrolled Resource Consumption
2023-02-17 00:00:00
cvelist
cvelist
wolfi
wolfi
CVE-2022-41723 vulnerabilities
2024-06-25 15:33:25
prion
prion
Code injection
2023-02-28 18:15:00
cve
cve
CVE-2022-41723
2023-02-28 18:15:09
CVE-2024-4436
2024-05-08 09:15:09
nvd
nvd
CVE-2022-41723
2023-02-28 18:15:09
CVE-2024-4436
2024-05-08 09:15:09
vulnrichment
vulnrichment
CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform
2024-05-08 08:57:12
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.6-alt1
2023-02-22 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2023-03-24 08:55:49
freebsd
freebsd
go -- multiple vulnerabilities
2023-02-14 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.0%
Related for ALPINE:CVE-2022-41723