Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-44716HistoryJan 01, 2022 - 5:15 a.m.
CVE-2021-44716
2022-01-0105:15:00
Debian Security Bug Tracker
security-tracker.debian.org
15
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
58.4%
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | golang-1.11 | < 1.11.6-1+deb10u6 | golang-1.11_1.11.6-1+deb10u6_all.deb |
| Debian | 11 | all | golang-1.15 | < 1.15.15-1~deb11u2 | golang-1.15_1.15.15-1~deb11u2_all.deb |
| Debian | 12 | all | golang-golang-x-net | < 1:0.0+git20211209.491a49a+dfsg-1 | golang-golang-x-net_1:0.0+git20211209.491a49a+dfsg-1_all.deb |
| Debian | 11 | all | golang-golang-x-net | <= 1:0.0+git20210119.5f4716e+dfsg-4 | golang-golang-x-net_1:0.0+git20210119.5f4716e+dfsg-4_all.deb |
| Debian | 999 | all | golang-golang-x-net | < 1:0.0+git20211209.491a49a+dfsg-1 | golang-golang-x-net_1:0.0+git20211209.491a49a+dfsg-1_all.deb |
| Debian | 13 | all | golang-golang-x-net | < 1:0.0+git20211209.491a49a+dfsg-1 | golang-golang-x-net_1:0.0+git20211209.491a49a+dfsg-1_all.deb |
| Debian | 10 | all | golang-golang-x-net-dev | <= 1:0.0+git20181201.351d144+dfsg-3 | golang-golang-x-net-dev_1:0.0+git20181201.351d144+dfsg-3_all.deb |
Related
nessus
nessus
AlmaLinux 8 : grafana (ALSA-2022:0001)
2022-03-11 00:00:00
Oracle Linux 8 : grafana (ELSA-2022-0001)
2022-01-04 00:00:00
RHEL 8 : grafana (RHSA-2022:0002)
2022-01-03 00:00:00
github
github
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
2022-01-12 22:33:04
golang.org/x/net/http2 allows uncontrolled memory consumption
2022-01-02 00:00:48
osv
osv
BIT-golang-2021-44716
2024-03-06 11:03:30
golang.org/x/net/http2 allows uncontrolled memory consumption
2022-01-02 00:00:48
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
2022-01-12 22:33:04
ubuntucve
ubuntucve
CVE-2021-44716
2022-01-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-44716 affecting package moby-cli 20.10.27-2
2024-02-25 03:00:06
CVE-2021-44716 affecting package git-lfs 3.1.4-15
2024-02-14 17:05:34
CVE-2021-44716 affecting package csi-driver-lvm 0.4.1-14
2024-02-14 17:05:34
alpinelinux
alpinelinux
CVE-2021-44716
2022-01-01 05:15:00
redhatcve
redhatcve
CVE-2021-44716
2022-05-07 14:12:12
redhat
redhat
(RHSA-2022:1628) Important: web-admin-build security update
2022-04-27 10:41:42
(RHSA-2022:0002) Important: grafana security update
2022-01-03 07:30:41
(RHSA-2022:0001) Important: grafana security update
2022-01-03 07:30:31
almalinux
almalinux
Important: grafana security update
2022-01-03 07:30:31
Important: go-toolset:rhel8 security and bug fix update
2021-12-15 16:11:05
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2021-44716
2022-05-26 15:08:37
gitlab
gitlab
Uncontrolled Resource Consumption
2022-01-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-12-14 20:52:35
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1345)
2022-03-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:4169-1)
2021-12-24 00:00:00
openSUSE: Security Advisory for go1.16 (openSUSE-SU-2021:4169-1)
2022-02-08 00:00:00
cve
cve
CVE-2021-44716
2022-01-01 05:15:00
oraclelinux
oraclelinux
grafana security update
2022-01-04 00:00:00
go-toolset:ol8 security and bug fix update
2021-12-16 00:00:00
rocky
rocky
grafana security update
2022-01-03 07:30:31
go-toolset:rhel8 security and bug fix update
2021-12-15 16:11:05
prion
prion
Design/Logic Flaw
2022-01-01 05:15:00
suse
suse
Security update for go1.17 (moderate)
2021-12-23 00:00:00
Security update for go1.16 (moderate)
2021-12-26 00:00:00
Security update for go1.16 (moderate)
2021-12-23 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: grafana-7.5.11-3.fc35
2022-01-28 01:36:39
[SECURITY] Fedora 34 Update: golang-1.16.12-1.fc34
2021-12-30 01:43:52
[SECURITY] Fedora 35 Update: golang-1.16.12-1.fc35
2021-12-30 01:19:52
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.17.5-alt1
2021-12-09 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2021-12-26 03:14:13
freebsd
freebsd
go -- multiple vulnerabilities
2021-12-08 00:00:00
debian
debian
[SECURITY] [DLA 2891-1] golang-1.8 security update
2022-01-21 22:02:40
[SECURITY] [DLA 2892-1] golang-1.7 security update
2022-01-21 22:02:47
[SECURITY] [DLA 3395-1] golang-1.11 security update
2023-04-19 21:42:48
amazon
amazon
Important: golang
2022-04-25 15:59:00
Important: golang
2022-04-25 03:47:00
Important: golang
2022-07-06 03:11:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0154
2022-02-07 00:00:00
Important Photon OS Security Update - PHSA-2022-0440
2022-02-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0154
2022-02-17 00:00:00
ics
ics
Siemens Brownfield Connectivity Gateway
2023-02-16 12:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2022-08-04 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
58.4%
Related for DEBIANCVE:CVE-2021-44716