Lucene search

CVE-2022-41725

🗓️ 28 Feb 2023 18:10:15Reported by GoType

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing can lead to memory and disk file consumption

Reporter	Title	Published	Views	Family All 199
Veracode	Denial Of Service (DoS)	18 Feb 202318:51	–	veracode
IBM Security Bulletins	Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data	28 Jun 202412:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41725]	28 Apr 202311:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-41725)	27 Jul 202317:40	–	ibm
IBM Security Bulletins	Security Bulletin: Operations Dashboard is vulnerable to denial of service due to multiple vulnerabilities in Go	3 Apr 202313:23	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Go	3 Apr 202313:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )	8 Aug 202415:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service attacks due to Golang Go (CVE-2023-24536, CVE-2023-24537, CVE-2022-41724, CVE-2022-41725)	21 Jun 202318:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in golang affect IBM Db2® REST	1 May 202314:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Golang Go may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-32149, CVE-2022-41721, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725 and CVE-2023-24532)	9 Jan 202413:38	–	ibm

Nvd

Node

golang goRange<1.19.6

golang goMatch1.20.0-

golang goMatch1.20.0rc1

golang goMatch1.20.0rc2

golang goMatch1.20.0rc3

[
  {
    "vendor": "Go standard library",
    "product": "mime/multipart",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "mime/multipart",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.19.6",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.20.0-0",
        "lessThan": "1.20.1",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "Reader.ReadForm"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
go	www.go.dev/issue/58006
pkg	www.pkg.go.dev/vuln/GO-2023-1569
groups	www.groups.google.com/g/golang-announce/c/V0aBFqaFs_E
security	www.security.gentoo.org/glsa/202311-09
go	www.go.dev/cl/468124

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Feb 2023 18:15Current

8.6High risk

Vulners AI Score8.6

CVSS37.5

EPSS0.00246

SSVC

CWE-770