EUVD-2023-0804

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Malicious HTTP/2 stream can overload HPACK decoder, causing denial of service with few requests.

Reporter	Title	Published	Views	Family All 635
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	1 Dec 202316:06	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple Vulnerabilties affects IBM Watson Machine Learning Accelerator 3.5.0 for Cloud Pak for Data 4.6.5	8 Feb 202419:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities	20 Feb 202419:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in GoLang Go and Kubernetes affect IBM watsonx.data	18 Sep 202416:17	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Go	3 Apr 202313:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service due to [CVE-2022-41723]	30 Nov 202313:02	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data	3 Sep 202420:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Pypa Setuptools, Golang Go, OpenSSH, Minio and Certifi may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift	26 Mar 202503:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and link following via Go-Yaml, kube-apiserver, Golang Go and Beego	29 Aug 202321:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected by multiple vulnerabilities in Golang Go	5 Jul 202321:52	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "22cf616a-c0a7-35db-abed-71238d0d1c01",
        "vendor": {
          "name": "Go standard library"
        }
      },
      {
        "id": "57e66fc4-3afb-34d5-9b25-5eb71b2238d5",
        "vendor": {
          "name": "golang.org/x/net"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "40746995-10bf-32f5-842c-439999b70c9d",
        "product": {
          "name": "golang.org/x/net/http2"
        },
        "product_version": "0 <0.7.0"
      },
      {
        "id": "72c41b58-d137-3e7b-b4e0-aa21628f8070",
        "product": {
          "name": "net/http"
        },
        "product_version": "1.20.0-0 <1.20.1"
      },
      {
        "id": "ce6e4c23-f7ad-395b-b702-5d2aacce90b9",
        "product": {
          "name": "golang.org/x/net/http2/hpack"
        },
        "product_version": "0 <0.7.0"
      },
      {
        "id": "ce6f1f2d-4aaf-342e-814c-c87c20023704",
        "product": {
          "name": "net/http"
        },
        "product_version": "0 <1.19.6"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-41723
go	www.go.dev/cl/468135
go	www.go.dev/cl/468295
go	www.go.dev/issue/57855
groups	www.groups.google.com/g/golang-announce/c/V0aBFqaFs_E
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE

03 Oct 2025 20:07Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.17.5

EPSS0.00226

SSVC