57 matches found
golang: net/http: limit growth of header canonicalization cache
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...
golang: net/http: limit growth of header canonicalization cache
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...
OESA-2022-1499 golang security update
The Go Programming Language. Security Fixes: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.CVE-2021-44716...
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
golang: net/http: limit growth of header canonicalization cache
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...
AZL-33581 CVE-2021-44716 affecting package flannel for versions less than 0.14.0-21
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33612 CVE-2021-44716 affecting package local-path-provisioner for versions less than 0.0.21-16
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-39672 CVE-2021-44716 affecting package cri-o for versions less than 1.21.7-2
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33585 CVE-2021-44716 affecting package git-lfs for versions less than 3.1.4-17
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33597 CVE-2021-44716 affecting package keda for versions less than 2.4.0-19
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33613 CVE-2021-44716 affecting package moby-buildx for versions less than 0.7.1-18
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-35004 CVE-2021-44716 affecting package moby-engine for versions less than 25.0.3-1
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33627 CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.10-20
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33641 CVE-2021-44716 affecting package rook for versions less than 1.6.2-19
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-35123 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.8.2-1
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33577 CVE-2021-44716 affecting package csi-driver-lvm for versions less than 0.4.1-15
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33635 CVE-2021-44716 affecting package prometheus-node-exporter for versions less than 1.3.1-24
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33638 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.7.10-19
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-7125 CVE-2021-44716 affecting package golang for versions less than 1.17.8-1
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...