An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
References
Configurations
History
18 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Dec 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Nov 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Sep 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Sep 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Sep 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2023, 17:19
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ - Mailing List | |
First Time |
Fedoraproject fedora
Fedoraproject |
|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
25 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jul 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2022-12-08 20:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-41717
Mitre link : CVE-2022-41717
CVE.ORG link : CVE-2022-41717
JSON object : View
Products Affected
golang
- http2
- go
fedoraproject
- fedora
CWE
CWE-770
Allocation of Resources Without Limits or Throttling