Lucene search
K

70 matches found

Tenable Nessus
Tenable Nessus
added 2023/02/06 12:0 a.m.41 views

Amazon Linux 2 : golang, golang-bin, golang-misc (ALAS-2023-1926)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1926 advisory. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries ...

5.3CVSS7AI score0.05623EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/02/03 12:0 a.m.24 views

Fedora 37 : syncthing (2023-70eb8ba61e)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-70eb8ba61e advisory. Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/03 12:0 a.m.24 views

Fedora 36 : syncthing (2023-6d71ff268e)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6d71ff268e advisory. Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.33 views

Fedora 37 : git-credential-oauth (2023-267503a090)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-267503a090 advisory. new upstream version Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.31 views

Fedora 36 : caddy (2023-0fff8bc164)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0fff8bc164 advisory. Rebuild for CVE-2022-41717 in golang. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
OSV
OSV
added 2022/12/08 8:15 p.m.5 views

AZL-33630 CVE-2022-41717 affecting package prometheus for versions less than 2.37.9-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 8:15 p.m.7 views

AZL-33568 CVE-2022-41717 affecting package azcopy for versions less than 10.24.0-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 8:15 p.m.8 views

AZL-33617 CVE-2022-41717 affecting package moby-cli for versions less than 24.0.9-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 8:15 p.m.5 views

AZL-35011 CVE-2022-41717 affecting package moby-engine for versions less than 25.0.3-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 8:15 p.m.6 views

AZL-33582 CVE-2022-41717 affecting package gh for versions less than 2.13.0-2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 8:15 p.m.43 views

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.4AI score
Exploits0References24
OSV
OSV
added 2022/12/08 8:15 p.m.10 views

AZL-35284 CVE-2022-41717 affecting package sriov-network-device-plugin for versions less than 3.7.0-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
Prion
Prion
added 2022/12/08 8:15 p.m.26 views

Design/Logic Flaw

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5CVSS6.5AI score0.05623EPSS
Exploits0References23Affected Software3
UbuntuCve
UbuntuCve
added 2022/12/08 8:15 p.m.47 views

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.8AI score0.05623EPSS
Exploits0References11
OSV
OSV
added 2022/12/08 8:15 p.m.3 views

UBUNTU-CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.8AI score0.05623EPSS
Exploits0References12
Cvelist
Cvelist
added 2022/12/08 7:3 p.m.34 views

CVE-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

6.8AI score0.05623EPSS
Exploits0References23
CVE
CVE
added 2022/12/08 7:3 p.m.871 views

CVE-2022-41717

CVE-2022-41717 affects Go HTTP/2 servers by allowing an attacker to trigger excessive memory growth via oversized header keys. The vulnerability stems from the HTTP/2 header key cache, which can allocate about 64 MiB per open connection when handling large keys. Several connected advisories confi...

5.3CVSS6.8AI score0.05623EPSS
Exploits0References24Affected Software2
Debian CVE
Debian CVE
added 2022/12/08 7:3 p.m.46 views

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS7.6AI score0.05623EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/12/08 7:3 p.m.61 views

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS7AI score0.05623EPSS
Exploits0
OSV
OSV
added 2022/05/23 10:46 p.m.33 views

GO-2022-0212 Request smuggling due to accepting invalid headers in net/http via net/textproto

net/http through net/textproto used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind an uncommon reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the...

7.5CVSS7.5AI score0.05157EPSS
Exploits0References4
Rows per page
Query Builder