Golang Go’s net/http and x/net/http2 packages are used by IBM Storage Fusion as part of its user interface and may be affected by the CVE listed below: CVE-2023-45288.
**CVEID:** CVE-2023-45288
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a memory exhaustion flaw due to a flood of CONTINUATION frames in the HTTP/2 protocol stack in the net/http and x/net/http2 packages. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286962 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
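The flaw described above comes down to a header block (HEADERS plus its CONTINUATION frames) that keeps growing without a bound. The following Go sketch is an added illustration, not IBM's or the Go project's code and not the upstream fix: it walks a raw HTTP/2 frame stream and rejects any header block whose payload exceeds a limit. The helper names, the 4096-byte limit and the sample frames are assumptions made for this example, and payload length is counted as-is (padding included).

```go
package main

import (
	"errors"
	"fmt"
)

// Frame type and flag values from the HTTP/2 specification (RFC 9113).
const frameHeaders, frameContinuation, flagEndHeaders = 0x1, 0x9, 0x4
var ErrHeaderBlockTooLarge = errors.New("header block exceeds limit")

// CheckHeaderBlocks (hypothetical helper) counts completed header blocks and fails
// once HEADERS plus its CONTINUATION frames carry more than maxBytes of payload.
func CheckHeaderBlocks(stream []byte, maxBytes int) (int, error) {
	blocks, size, open := 0, 0, false
	for len(stream) >= 9 {
		length := int(stream[0])<<16 | int(stream[1])<<8 | int(stream[2])
		if len(stream) < 9+length {
			return blocks, errors.New("truncated frame")
		}
		typ, flags := stream[3], stream[4]
		stream = stream[9+length:]
		if typ == frameHeaders {
			open, size = true, 0
		} else if typ != frameContinuation || !open {
			continue // other frame types do not extend a header block
		}
		size += length
		if size > maxBytes {
			return blocks, ErrHeaderBlockTooLarge
		}
		if flags&flagEndHeaders != 0 {
			open, blocks = false, blocks+1
		}
	}
	return blocks, nil
}

// frame builds one constructed frame on stream 1 with a zero-filled payload.
func frame(typ, flags byte, n int) []byte {
	return append([]byte{byte(n >> 16), byte(n >> 8), byte(n), typ, flags, 0, 0, 0, 1}, make([]byte, n)...)
}

func main() {
	s := frame(frameHeaders, 0, 100) // constructed input: END_HEADERS is never set
	for i := 0; i < 8; i++ {
		s = append(s, frame(frameContinuation, 0, 1000)...)
	}
	fmt.Println(CheckHeaderBlocks(s, 4096))
}
```

The same check can be run over decoded frames from a capture to flag connections whose header blocks never terminate.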
Affected Product(s) | Version(s) |
---|---|
IBM Storage Fusion | 2.3.0 - 2.7.2 |
IBM strongly recommends addressing the vulnerability now.
Product(s) | Version(s) number and/or range | Remediation/Fix/Instructions |
---|---|---|
IBM Storage Fusion | 2.3.0 - 2.7.2 | Upgrade to 2.8.0 - see README for upgrade instructions. |
NA
CPE | Name | Operator | Version |
---|---|---|---|
ibm storage fusion | eq | 2.8.0 |