Denial Of Service (DoS)

2021-12-1420:52:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

golang is vulnerable to denial of service. The vulnerability exists due to an uncontrolled resource consumption flaw in golang’s net/http library in the canonicalHeader() function which allows an attacker to submits maliciously crafted requests to applications linked with net/http’s http2 functionality and crash the system.

CPENameOperatorVersion
golang-1.15:sideq1.15.5-2
go-toolset-1.16eq1.16.7__1.el7_9
go-toolset-1.16-golangeq1.16.7__1.el7_9
golang-1.15:bullseyeeq1.15.5-2
grafanaeq5.2.4__3.el7cp
grafanaeq7.3.6__2.el8
grafanaeq6.7.4__1.el8
grafanaeq2.0.2__3.el7ost
grafanaeq5.2.4__3.el7rhgs
grafanaeq5.2.4__2.el7cp

Name	Operator	Version
golang-1.15:sid	eq	1.15.5-2
go-toolset-1.16	eq	1.16.7__1.el7_9
go-toolset-1.16-golang	eq	1.16.7__1.el7_9
golang-1.15:bullseye	eq	1.15.5-2
grafana	eq	5.2.4__3.el7cp
grafana	eq	7.3.6__2.el8
grafana	eq	6.7.4__1.el8
grafana	eq	2.0.2__3.el7ost
grafana	eq	5.2.4__3.el7rhgs
grafana	eq	5.2.4__2.el7cp