First published: Fri Feb 17 2023
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Credit: security@golang.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openshift-serverless-clients | <0:1.8.1-3.el8 | 0:1.8.1-3.el8 |
redhat/openshift | <0:4.13.0-202304211155.p0.gb404935.assembly.stream.el9 | 0:4.13.0-202304211155.p0.gb404935.assembly.stream.el9 |
redhat/etcd | <0:3.3.23-14.el8 | 0:3.3.23-14.el8 |
redhat/skupper-cli | <0:1.4.1-2.el8 | 0:1.4.1-2.el8 |
redhat/skupper-cli | <0:1.4.1-2.el9 | 0:1.4.1-2.el9 |
go/golang.org/x/net | <0.7.0 | 0.7.0 |
redhat/golang.org/x/net | <0.7.0 | 0.7.0 |
redhat/golang | <1.20.1 | 1.20.1 |
redhat/golang | <1.19.6 | 1.19.6 |
Golang Go | <1.19.6 | |
Golang Go | =1.20.0 | |
Golang Hpack Go | <0.7.0 | |
Golang Http2 Go | <0.7.0 | |
CVE-2022-41723 is a vulnerability in golang that allows a maliciously crafted HTTP/2 stream to cause excessive CPU consumption and result in a denial of service.
CVE-2022-41723 has a severity rating of 7.5, which is considered high.
The following are affected by CVE-2022-41723: Openshift Serverless Clients before 1.8.1-3.el8, Openshift before 4.13.0-202304211155.p0.gb404935.assembly.stream.el9, Etcd before 3.3.23-14.el8, Skupper CLI before 1.4.1-2.el8 and before 1.4.1-2.el9, Golang Go before 1.19.6, Golang Go 1.20.0, Golang Hpack before 0.7.0, Golang Http2 before 0.7.0, golang.org/x/net before 0.7.0, and the Red Hat golang packages before 1.20.1 and before 1.19.6.
CVE-2022-41723 can be exploited by sending a maliciously crafted HTTP/2 stream to the vulnerable software, causing excessive CPU consumption in the HPACK decoder.
A fix for CVE-2022-41723 is available; the fixed versions are listed in the table above. Please refer to the official references for more information on how to apply the fix.