Lucene search

K
redosRedosROS-20240923-06
HistorySep 23, 2024 - 12:00 a.m.

ROS-20240923-06

2024-09-2300:00:00
redos.red-soft.ru
2
go programming language
vulnerability
http/2
denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

Vulnerability of net/http and net/http2 libraries of Go programming language (in terms of implementation of the HTTP/2 protocol) is related to uncontrolled resource consumption as a result of incorrect determination of the termination of
HTTP/2) is related to uncontrolled resource consumption as a result of incorrect definition of header termination during processing of CONTINUATION frames.
header when processing CONTINUATION frames. Exploitation of the vulnerability could allow an attacker,
acting remotely, to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64consul< 1.18.2-1UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High