Lucene search

GoogleOSV:GO-2022-1032

HistoryAug 21, 2024 - 4:03 p.m.

Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package in github.com/cloudflare/goflow

2024-08-2116:03:24

Google

osv.dev

cloudflare

goflow

dos

vulnerability

sflow

packet handling

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

JSON

Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package in github.com/cloudflare/goflow

References

github.com/cloudflare/goflow/commit/2b94619a6204443e3ca1769f4e459f9f57039c51

github.com/cloudflare/goflow/commit/c829ccd2c0aafdc9b886b20bf6f28095607f4998

github.com/cloudflare/goflow/releases/tag/v3.4.4

github.com/cloudflare/goflow/security/advisories/GHSA-9rpw-2h95-666c

nvd.nist.gov/vuln/detail/CVE-2022-2529

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

JSON

Related for OSV:GO-2022-1032