Lucene search
+L

CVE-2023-45288 HTTP/2 CONTINUATION flood in net/http

🗓️ 04 Apr 2024 20:37:30Reported by GoType 
cvelist
 cvelist
🔗 www.cve.org👁 26 Views

HTTP/2 CONTINUATION flood allows reading arbitrary header dat

Related
Affected
Refs
ReporterTitlePublishedViews
Family
OSV
CGA-PP7X-9Q96-GFR3
6 Jun 202412:28
osv
OSV
CGA-PQFP-Q9G3-F4FM
6 Jun 202412:28
osv
OSV
CGA-PR72-6W2J-M3P4
6 Jun 202412:28
osv
OSV
CGA-PRFP-VC2H-7JF5
6 Jun 202412:28
osv
OSV
CGA-PVM6-H93V-9372
6 Jun 202412:26
osv
OSV
CGA-PW94-JQ5P-QQ98
6 Jun 202412:28
osv
OSV
CGA-PX28-P57F-5XQ8
6 Jun 202412:28
osv
OSV
CGA-PX79-GJFW-MH96
6 Jun 202412:26
osv
OSV
CGA-PXX3-2F9C-5GJH
31 Mar 202516:05
osv
OSV
CGA-Q2Q3-JC39-FV36
6 Jun 202412:26
osv
Rows per page
[
  {
    "vendor": "Go standard library",
    "product": "net/http",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "net/http",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.21.9",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.22.0-0",
        "lessThan": "1.22.2",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "http2Framer.readMetaFrame"
      },
      {
        "name": "CanonicalHeaderKey"
      },
      {
        "name": "Client.CloseIdleConnections"
      },
      {
        "name": "Client.Do"
      },
      {
        "name": "Client.Get"
      },
      {
        "name": "Client.Head"
      },
      {
        "name": "Client.Post"
      },
      {
        "name": "Client.PostForm"
      },
      {
        "name": "Cookie.String"
      },
      {
        "name": "Cookie.Valid"
      },
      {
        "name": "Dir.Open"
      },
      {
        "name": "Error"
      },
      {
        "name": "Get"
      },
      {
        "name": "HandlerFunc.ServeHTTP"
      },
      {
        "name": "Head"
      },
      {
        "name": "Header.Add"
      },
      {
        "name": "Header.Del"
      },
      {
        "name": "Header.Get"
      },
      {
        "name": "Header.Set"
      },
      {
        "name": "Header.Values"
      },
      {
        "name": "Header.Write"
      },
      {
        "name": "Header.WriteSubset"
      },
      {
        "name": "ListenAndServe"
      },
      {
        "name": "ListenAndServeTLS"
      },
      {
        "name": "NewRequest"
      },
      {
        "name": "NewRequestWithContext"
      },
      {
        "name": "NotFound"
      },
      {
        "name": "ParseTime"
      },
      {
        "name": "Post"
      },
      {
        "name": "PostForm"
      },
      {
        "name": "ProxyFromEnvironment"
      },
      {
        "name": "ReadRequest"
      },
      {
        "name": "ReadResponse"
      },
      {
        "name": "Redirect"
      },
      {
        "name": "Request.AddCookie"
      },
      {
        "name": "Request.BasicAuth"
      },
      {
        "name": "Request.FormFile"
      },
      {
        "name": "Request.FormValue"
      },
      {
        "name": "Request.MultipartReader"
      },
      {
        "name": "Request.ParseForm"
      },
      {
        "name": "Request.ParseMultipartForm"
      },
      {
        "name": "Request.PostFormValue"
      },
      {
        "name": "Request.Referer"
      },
      {
        "name": "Request.SetBasicAuth"
      },
      {
        "name": "Request.UserAgent"
      },
      {
        "name": "Request.Write"
      },
      {
        "name": "Request.WriteProxy"
      },
      {
        "name": "Response.Cookies"
      },
      {
        "name": "Response.Location"
      },
      {
        "name": "Response.Write"
      },
      {
        "name": "ResponseController.EnableFullDuplex"
      },
      {
        "name": "ResponseController.Flush"
      },
      {
        "name": "ResponseController.Hijack"
      },
      {
        "name": "ResponseController.SetReadDeadline"
      },
      {
        "name": "ResponseController.SetWriteDeadline"
      },
      {
        "name": "Serve"
      },
      {
        "name": "ServeContent"
      },
      {
        "name": "ServeFile"
      },
      {
        "name": "ServeMux.ServeHTTP"
      },
      {
        "name": "ServeTLS"
      },
      {
        "name": "Server.Close"
      },
      {
        "name": "Server.ListenAndServe"
      },
      {
        "name": "Server.ListenAndServeTLS"
      },
      {
        "name": "Server.Serve"
      },
      {
        "name": "Server.ServeTLS"
      },
      {
        "name": "Server.SetKeepAlivesEnabled"
      },
      {
        "name": "Server.Shutdown"
      },
      {
        "name": "SetCookie"
      },
      {
        "name": "Transport.CancelRequest"
      },
      {
        "name": "Transport.Clone"
      },
      {
        "name": "Transport.CloseIdleConnections"
      },
      {
        "name": "Transport.RoundTrip"
      },
      {
        "name": "body.Close"
      },
      {
        "name": "body.Read"
      },
      {
        "name": "bodyEOFSignal.Close"
      },
      {
        "name": "bodyEOFSignal.Read"
      },
      {
        "name": "bodyLocked.Read"
      },
      {
        "name": "bufioFlushWriter.Write"
      },
      {
        "name": "cancelTimerBody.Close"
      },
      {
        "name": "cancelTimerBody.Read"
      },
      {
        "name": "checkConnErrorWriter.Write"
      },
      {
        "name": "chunkWriter.Write"
      },
      {
        "name": "connReader.Read"
      },
      {
        "name": "connectMethodKey.String"
      },
      {
        "name": "expectContinueReader.Close"
      },
      {
        "name": "expectContinueReader.Read"
      },
      {
        "name": "extraHeader.Write"
      },
      {
        "name": "fileHandler.ServeHTTP"
      },
      {
        "name": "fileTransport.RoundTrip"
      },
      {
        "name": "globalOptionsHandler.ServeHTTP"
      },
      {
        "name": "gzipReader.Close"
      },
      {
        "name": "gzipReader.Read"
      },
      {
        "name": "http2ClientConn.Close"
      },
      {
        "name": "http2ClientConn.Ping"
      },
      {
        "name": "http2ClientConn.RoundTrip"
      },
      {
        "name": "http2ClientConn.Shutdown"
      },
      {
        "name": "http2ConnectionError.Error"
      },
      {
        "name": "http2ErrCode.String"
      },
      {
        "name": "http2FrameHeader.String"
      },
      {
        "name": "http2FrameType.String"
      },
      {
        "name": "http2FrameWriteRequest.String"
      },
      {
        "name": "http2Framer.ReadFrame"
      },
      {
        "name": "http2Framer.WriteContinuation"
      },
      {
        "name": "http2Framer.WriteData"
      },
      {
        "name": "http2Framer.WriteDataPadded"
      },
      {
        "name": "http2Framer.WriteGoAway"
      },
      {
        "name": "http2Framer.WriteHeaders"
      },
      {
        "name": "http2Framer.WritePing"
      },
      {
        "name": "http2Framer.WritePriority"
      },
      {
        "name": "http2Framer.WritePushPromise"
      },
      {
        "name": "http2Framer.WriteRSTStream"
      },
      {
        "name": "http2Framer.WriteRawFrame"
      },
      {
        "name": "http2Framer.WriteSettings"
      },
      {
        "name": "http2Framer.WriteSettingsAck"
      },
      {
        "name": "http2Framer.WriteWindowUpdate"
      },
      {
        "name": "http2GoAwayError.Error"
      },
      {
        "name": "http2Server.ServeConn"
      },
      {
        "name": "http2Setting.String"
      },
      {
        "name": "http2SettingID.String"
      },
      {
        "name": "http2SettingsFrame.ForeachSetting"
      },
      {
        "name": "http2StreamError.Error"
      },
      {
        "name": "http2Transport.CloseIdleConnections"
      },
      {
        "name": "http2Transport.NewClientConn"
      },
      {
        "name": "http2Transport.RoundTrip"
      },
      {
        "name": "http2Transport.RoundTripOpt"
      },
      {
        "name": "http2bufferedWriter.Flush"
      },
      {
        "name": "http2bufferedWriter.Write"
      },
      {
        "name": "http2chunkWriter.Write"
      },
      {
        "name": "http2clientConnPool.GetClientConn"
      },
      {
        "name": "http2connError.Error"
      },
      {
        "name": "http2dataBuffer.Read"
      },
      {
        "name": "http2duplicatePseudoHeaderError.Error"
      },
      {
        "name": "http2gzipReader.Close"
      },
      {
        "name": "http2gzipReader.Read"
      },
      {
        "name": "http2headerFieldNameError.Error"
      },
      {
        "name": "http2headerFieldValueError.Error"
      },
      {
        "name": "http2noDialClientConnPool.GetClientConn"
      },
      {
        "name": "http2noDialH2RoundTripper.RoundTrip"
      },
      {
        "name": "http2pipe.Read"
      },
      {
        "name": "http2priorityWriteScheduler.CloseStream"
      },
      {
        "name": "http2priorityWriteScheduler.OpenStream"
      },
      {
        "name": "http2pseudoHeaderError.Error"
      },
      {
        "name": "http2requestBody.Close"
      },
      {
        "name": "http2requestBody.Read"
      },
      {
        "name": "http2responseWriter.Flush"
      },
      {
        "name": "http2responseWriter.FlushError"
      },
      {
        "name": "http2responseWriter.Push"
      },
      {
        "name": "http2responseWriter.SetReadDeadline"
      },
      {
        "name": "http2responseWriter.SetWriteDeadline"
      },
      {
        "name": "http2responseWriter.Write"
      },
      {
        "name": "http2responseWriter.WriteHeader"
      },
      {
        "name": "http2responseWriter.WriteString"
      },
      {
        "name": "http2roundRobinWriteScheduler.OpenStream"
      },
      {
        "name": "http2serverConn.CloseConn"
      },
      {
        "name": "http2serverConn.Flush"
      },
      {
        "name": "http2stickyErrWriter.Write"
      },
      {
        "name": "http2transportResponseBody.Close"
      },
      {
        "name": "http2transportResponseBody.Read"
      },
      {
        "name": "http2writeData.String"
      },
      {
        "name": "initALPNRequest.ServeHTTP"
      },
      {
        "name": "loggingConn.Close"
      },
      {
        "name": "loggingConn.Read"
      },
      {
        "name": "loggingConn.Write"
      },
      {
        "name": "maxBytesReader.Close"
      },
      {
        "name": "maxBytesReader.Read"
      },
      {
        "name": "onceCloseListener.Close"
      },
      {
        "name": "persistConn.Read"
      },
      {
        "name": "persistConnWriter.ReadFrom"
      },
      {
        "name": "persistConnWriter.Write"
      },
      {
        "name": "populateResponse.Write"
      },
      {
        "name": "populateResponse.WriteHeader"
      },
      {
        "name": "readTrackingBody.Close"
      },
      {
        "name": "readTrackingBody.Read"
      },
      {
        "name": "readWriteCloserBody.Read"
      },
      {
        "name": "redirectHandler.ServeHTTP"
      },
      {
        "name": "response.Flush"
      },
      {
        "name": "response.FlushError"
      },
      {
        "name": "response.Hijack"
      },
      {
        "name": "response.ReadFrom"
      },
      {
        "name": "response.Write"
      },
      {
        "name": "response.WriteHeader"
      },
      {
        "name": "response.WriteString"
      },
      {
        "name": "serverHandler.ServeHTTP"
      },
      {
        "name": "socksDialer.DialWithConn"
      },
      {
        "name": "socksUsernamePassword.Authenticate"
      },
      {
        "name": "stringWriter.WriteString"
      },
      {
        "name": "timeoutHandler.ServeHTTP"
      },
      {
        "name": "timeoutWriter.Write"
      },
      {
        "name": "timeoutWriter.WriteHeader"
      },
      {
        "name": "transportReadFromServerError.Error"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "golang.org/x/net",
    "product": "golang.org/x/net/http2",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "golang.org/x/net/http2",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.23.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "Framer.readMetaFrame"
      },
      {
        "name": "ClientConn.Close"
      },
      {
        "name": "ClientConn.Ping"
      },
      {
        "name": "ClientConn.RoundTrip"
      },
      {
        "name": "ClientConn.Shutdown"
      },
      {
        "name": "ConfigureServer"
      },
      {
        "name": "ConfigureTransport"
      },
      {
        "name": "ConfigureTransports"
      },
      {
        "name": "ConnectionError.Error"
      },
      {
        "name": "ErrCode.String"
      },
      {
        "name": "FrameHeader.String"
      },
      {
        "name": "FrameType.String"
      },
      {
        "name": "FrameWriteRequest.String"
      },
      {
        "name": "Framer.ReadFrame"
      },
      {
        "name": "Framer.WriteContinuation"
      },
      {
        "name": "Framer.WriteData"
      },
      {
        "name": "Framer.WriteDataPadded"
      },
      {
        "name": "Framer.WriteGoAway"
      },
      {
        "name": "Framer.WriteHeaders"
      },
      {
        "name": "Framer.WritePing"
      },
      {
        "name": "Framer.WritePriority"
      },
      {
        "name": "Framer.WritePushPromise"
      },
      {
        "name": "Framer.WriteRSTStream"
      },
      {
        "name": "Framer.WriteRawFrame"
      },
      {
        "name": "Framer.WriteSettings"
      },
      {
        "name": "Framer.WriteSettingsAck"
      },
      {
        "name": "Framer.WriteWindowUpdate"
      },
      {
        "name": "GoAwayError.Error"
      },
      {
        "name": "ReadFrameHeader"
      },
      {
        "name": "Server.ServeConn"
      },
      {
        "name": "Setting.String"
      },
      {
        "name": "SettingID.String"
      },
      {
        "name": "SettingsFrame.ForeachSetting"
      },
      {
        "name": "StreamError.Error"
      },
      {
        "name": "Transport.CloseIdleConnections"
      },
      {
        "name": "Transport.NewClientConn"
      },
      {
        "name": "Transport.RoundTrip"
      },
      {
        "name": "Transport.RoundTripOpt"
      },
      {
        "name": "bufferedWriter.Flush"
      },
      {
        "name": "bufferedWriter.Write"
      },
      {
        "name": "chunkWriter.Write"
      },
      {
        "name": "clientConnPool.GetClientConn"
      },
      {
        "name": "connError.Error"
      },
      {
        "name": "dataBuffer.Read"
      },
      {
        "name": "duplicatePseudoHeaderError.Error"
      },
      {
        "name": "gzipReader.Close"
      },
      {
        "name": "gzipReader.Read"
      },
      {
        "name": "headerFieldNameError.Error"
      },
      {
        "name": "headerFieldValueError.Error"
      },
      {
        "name": "noDialClientConnPool.GetClientConn"
      },
      {
        "name": "noDialH2RoundTripper.RoundTrip"
      },
      {
        "name": "pipe.Read"
      },
      {
        "name": "priorityWriteScheduler.CloseStream"
      },
      {
        "name": "priorityWriteScheduler.OpenStream"
      },
      {
        "name": "pseudoHeaderError.Error"
      },
      {
        "name": "requestBody.Close"
      },
      {
        "name": "requestBody.Read"
      },
      {
        "name": "responseWriter.Flush"
      },
      {
        "name": "responseWriter.FlushError"
      },
      {
        "name": "responseWriter.Push"
      },
      {
        "name": "responseWriter.SetReadDeadline"
      },
      {
        "name": "responseWriter.SetWriteDeadline"
      },
      {
        "name": "responseWriter.Write"
      },
      {
        "name": "responseWriter.WriteHeader"
      },
      {
        "name": "responseWriter.WriteString"
      },
      {
        "name": "roundRobinWriteScheduler.OpenStream"
      },
      {
        "name": "serverConn.CloseConn"
      },
      {
        "name": "serverConn.Flush"
      },
      {
        "name": "stickyErrWriter.Write"
      },
      {
        "name": "transportResponseBody.Close"
      },
      {
        "name": "transportResponseBody.Read"
      },
      {
        "name": "writeData.String"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 May 2024 17:10Current
6.1Medium risk
Vulners AI Score6.1
EPSS0.91969
26