Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

GoogleOSV:GO-2022-0288

HistoryJul 15, 2022 - 11:08 p.m.

Unbounded memory growth in net/http and golang.org/x/net/http2

2022-07-1523:08:33

Google

osv.dev

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests.

CPENameOperatorVersion
stdliblt1.17.5
stdlibge1.17.0-0
golang.org/x/netlt0.0.0-20211209124913-491a49abca63
stdliblt1.16.12

Name	Operator	Version
stdlib	lt	1.17.5
stdlib	ge	1.17.0-0
golang.org/x/net	lt	0.0.0-20211209124913-491a49abca63
stdlib	lt	1.16.12

References

go.dev/cl/369794

go.dev/issue/50058

groups.google.com/g/golang-announce/c/hcmEScgc00k

nessus 44

github 2

osv 11

ubuntucve 2

ibm 30

almalinux 2

redhat 25

redhatcve 2

alpinelinux 1

cbl_mariner 24

gitlab 1

veracode 1

cvelist 2

cve 2

openvas 19

oraclelinux 2

rocky 2

prion 1

debiancve 1

suse 3

altlinux 1

fedora 4

freebsd 1

mageia 1

photon 7

debian 3

amazon 3

ics 1

gentoo 1

nessus

AlmaLinux 8 : grafana (ALSA-2022:0001)

2022-03-11 00:00:00

Oracle Linux 8 : grafana (ELSA-2022-0001)

2022-01-04 00:00:00

RHEL 7 : web-admin-build (RHSA-2022:1628)

2022-04-27 00:00:00

github

Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints

2022-01-12 22:33:04

golang.org/x/net/http2 allows uncontrolled memory consumption

2022-01-02 00:00:48

osv

BIT-golang-2021-44716

2024-03-06 11:03:30

golang.org/x/net/http2 allows uncontrolled memory consumption

2022-01-02 00:00:48

CVE-2021-44716

2022-01-01 05:15:08

ubuntucve

CVE-2021-44716

2022-01-01 00:00:00

CVE-2024-4437

2024-05-08 00:00:00

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2021-44716

2022-05-26 15:08:37

Security Bulletin: IBM DataPower Operator potentially vulnerable to Denial of Service (CVE-2021-44716)

2022-06-20 16:28:32

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2021-44716

2022-05-05 14:22:01

almalinux

Important: grafana security update

2022-01-03 07:30:31

Important: go-toolset:rhel8 security and bug fix update

2021-12-15 16:11:05

redhat

(RHSA-2022:0002) Important: grafana security update

2022-01-03 07:30:41

(RHSA-2022:1628) Important: web-admin-build security update

2022-04-27 10:41:42

(RHSA-2022:0001) Important: grafana security update

2022-01-03 07:30:31

redhatcve

CVE-2021-44716

2022-05-07 14:12:12

CVE-2024-4437

2024-05-06 17:25:42

alpinelinux

CVE-2021-44716

2022-01-01 05:15:00

cbl_mariner

CVE-2021-44716 affecting package cri-o for versions less than 1.21.7-2

2024-04-30 01:31:53

CVE-2021-44716 affecting package moby-cli for versions less than 20.10.27-5

2024-02-25 03:00:06

CVE-2021-44716 affecting package git-lfs for versions less than 3.1.4-17

2024-02-14 17:05:34

gitlab

Uncontrolled Resource Consumption

2022-01-02 00:00:00

veracode

Denial Of Service (DoS)

2021-12-14 20:52:35

cvelist

CVE-2021-44716

2022-01-01 00:00:00

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

2024-05-08 08:57:40

cve

CVE-2021-44716

2022-01-01 05:15:00

CVE-2024-4437

2024-05-08 09:15:09

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1345)

2022-03-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:4169-1)

2021-12-24 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1487)

2022-04-20 00:00:00

oraclelinux

grafana security update

2022-01-04 00:00:00

go-toolset:ol8 security and bug fix update

2021-12-16 00:00:00

rocky

grafana security update

2022-01-03 07:30:31

go-toolset:rhel8 security and bug fix update

2021-12-15 16:11:05

prion

Design/Logic Flaw

2022-01-01 05:15:00

debiancve

CVE-2021-44716

2022-01-01 05:15:00

suse

Security update for go1.17 (moderate)

2021-12-23 00:00:00

Security update for go1.16 (moderate)

2021-12-26 00:00:00

Security update for go1.16 (moderate)

2021-12-23 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.5-alt1

2021-12-09 00:00:00

fedora

[SECURITY] Fedora 34 Update: golang-1.16.12-1.fc34

2021-12-30 01:43:52

[SECURITY] Fedora 35 Update: grafana-7.5.11-3.fc35

2022-01-28 01:36:39

[SECURITY] Fedora 35 Update: golang-1.16.12-1.fc35

2021-12-30 01:19:52

freebsd

go -- multiple vulnerabilities

2021-12-08 00:00:00

mageia

Updated golang packages fix security vulnerability

2021-12-26 03:14:13

photon

Important Photon OS Security Update - PHSA-2022-0154

2022-02-07 00:00:00

Important Photon OS Security Update - PHSA-2022-0440

2022-02-07 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0154

2022-02-17 00:00:00

debian

[SECURITY] [DLA 2891-1] golang-1.8 security update

2022-01-21 22:02:58

[SECURITY] [DLA 2892-1] golang-1.7 security update

2022-01-21 22:03:05

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-19 21:43:12

amazon

Important: golang

2022-04-25 15:59:00

Important: golang

2022-07-06 03:11:00

Important: golang

2022-04-25 03:47:00

ics

Siemens Brownfield Connectivity Gateway

2023-02-16 12:00:00

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for OSV:GO-2022-0288