Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-30322
HistoryMay 25, 2022 - 12:00 a.m.

CVE-2022-30322

2022-05-2500:00:00
ubuntu.com
ubuntu.com
22
go-getter resource exhaustion http unix cve-2022-30322 fixed 1.6.1 2.1.0 bugs.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

0.002

Percentile

53.7%

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion
when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and
2.1.0.

Bugs

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

0.002

Percentile

53.7%