70 matches found
Amazon Linux 2 : golang, golang-bin, golang-misc (ALAS-2023-1926)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1926 advisory. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries ...
Fedora 37 : syncthing (2023-70eb8ba61e)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-70eb8ba61e advisory. Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of...
Fedora 36 : syncthing (2023-6d71ff268e)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6d71ff268e advisory. Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of...
Fedora 37 : git-credential-oauth (2023-267503a090)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-267503a090 advisory. new upstream version Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...
Fedora 36 : caddy (2023-0fff8bc164)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0fff8bc164 advisory. Rebuild for CVE-2022-41717 in golang. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
AZL-33630 CVE-2022-41717 affecting package prometheus for versions less than 2.37.9-1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-33568 CVE-2022-41717 affecting package azcopy for versions less than 10.24.0-1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-33617 CVE-2022-41717 affecting package moby-cli for versions less than 24.0.9-1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-35011 CVE-2022-41717 affecting package moby-engine for versions less than 25.0.3-1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-33582 CVE-2022-41717 affecting package gh for versions less than 2.13.0-2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-35284 CVE-2022-41717 affecting package sriov-network-device-plugin for versions less than 3.7.0-1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
Design/Logic Flaw
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
UBUNTU-CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
CVE-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
CVE-2022-41717
CVE-2022-41717 affects Go HTTP/2 servers by allowing an attacker to trigger excessive memory growth via oversized header keys. The vulnerability stems from the HTTP/2 header key cache, which can allocate about 64 MiB per open connection when handling large keys. Several connected advisories confi...
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
GO-2022-0212 Request smuggling due to accepting invalid headers in net/http via net/textproto
net/http through net/textproto used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind an uncommon reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the...