Vulnerability-Lookup

WID-SEC-W-2023-1116

Vulnerability from csaf_certbund - Published: 2023-05-01 22:00 - Updated: 2023-09-06 22:00

Summary

IBM DB2: Mehrere Schwachstellen ermöglichen Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-24537

In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler in der Komponente Golang zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen.

Affected products

Known affected 4 products

Product	Identifier	Version
IBM DB2 IBM / DB2	`cpe:/a:ibm:db2:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Spectrum Protect plus 10.1 IBM	`cpe:/a:ibm:spectrum_protect:plus_10.1`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-24532

Affected products

Known affected 4 products

Product	Identifier	Version
IBM DB2 IBM / DB2	`cpe:/a:ibm:db2:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Spectrum Protect plus 10.1 IBM	`cpe:/a:ibm:spectrum_protect:plus_10.1`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41725

Affected products

Known affected 4 products

Product	Identifier	Version
IBM DB2 IBM / DB2	`cpe:/a:ibm:db2:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Spectrum Protect plus 10.1 IBM	`cpe:/a:ibm:spectrum_protect:plus_10.1`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41724

Affected products

Known affected 4 products

Product	Identifier	Version
IBM DB2 IBM / DB2	`cpe:/a:ibm:db2:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Spectrum Protect plus 10.1 IBM	`cpe:/a:ibm:spectrum_protect:plus_10.1`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2022-41723

Affected products

Known affected 4 products

Product	Identifier	Version
IBM DB2 IBM / DB2	`cpe:/a:ibm:db2:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Spectrum Protect plus 10.1 IBM	`cpe:/a:ibm:spectrum_protect:plus_10.1`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVE…	external
https://alas.aws.amazon.com/AL2/ALASDOCKER-2023-0…	external
https://www.ibm.com/support/pages/node/7008449	external
https://www.ibm.com/support/pages/node/7005589	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://www.ibm.com/support/pages/node/6987489	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1116 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1116.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1116 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1116"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2023-029 vom 2023-09-07",
        "url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2023-029.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2023-030 vom 2023-09-07",
        "url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2023-030.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7008449"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7005589 vom 2023-06-21",
        "url": "https://www.ibm.com/support/pages/node/7005589"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-EFD9BBF67E vom 2023-05-26",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-efd9bbf67e"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6987489 vom 2023-05-01",
        "url": "https://www.ibm.com/support/pages/node/6987489"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2023-09-06T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:50:12.499+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1116",
      "initial_release_date": "2023-05-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-05-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-05-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-06-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-09-06T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM DB2",
                "product": {
                  "name": "IBM DB2",
                  "product_id": "5104",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM DB2 \u003c REST latest-amd64",
                "product": {
                  "name": "IBM DB2 \u003c REST latest-amd64",
                  "product_id": "T027305",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:rest_latest-amd64"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM DB2 \u003c REST 1.0.0.266-amd64",
                "product": {
                  "name": "IBM DB2 \u003c REST 1.0.0.266-amd64",
                  "product_id": "T027567",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:rest_1.0.0.266-amd64"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "category": "product_name",
            "name": "IBM Spectrum Protect plus 10.1",
            "product": {
              "name": "IBM Spectrum Protect plus 10.1",
              "product_id": "T015895",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24537",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler in der Komponente Golang zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "5104",
          "398363",
          "T015895",
          "74185"
        ]
      },
      "release_date": "2023-05-01T22:00:00.000+00:00",
      "title": "CVE-2023-24537"
    },
    {
      "cve": "CVE-2023-24532",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler in der Komponente Golang zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "5104",
          "398363",
          "T015895",
          "74185"
        ]
      },
      "release_date": "2023-05-01T22:00:00.000+00:00",
      "title": "CVE-2023-24532"
    },
    {
      "cve": "CVE-2022-41725",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler in der Komponente Golang zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "5104",
          "398363",
          "T015895",
          "74185"
        ]
      },
      "release_date": "2023-05-01T22:00:00.000+00:00",
      "title": "CVE-2022-41725"
    },
    {
      "cve": "CVE-2022-41724",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler in der Komponente Golang zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "5104",
          "398363",
          "T015895",
          "74185"
        ]
      },
      "release_date": "2023-05-01T22:00:00.000+00:00",
      "title": "CVE-2022-41724"
    },
    {
      "cve": "CVE-2022-41723",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler in der Komponente Golang zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "5104",
          "398363",
          "T015895",
          "74185"
        ]
      },
      "release_date": "2023-05-01T22:00:00.000+00:00",
      "title": "CVE-2022-41723"
    }
  ]
}

CVE-2022-41723 (GCVE-0-2022-41723)

Vulnerability from cvelistv5 – Published: 2023-02-28 17:19 – Updated: 2025-05-05 16:12

Title

Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

Summary

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE 400: Uncontrolled Resource Consumption
NVD-CWE-Other

Assigner

References

15 references

URL	Tags
https://go.dev/issue/57855
https://go.dev/cl/468135
https://go.dev/cl/468295
https://groups.google.com/g/golang-announce/c/V0a…
https://pkg.go.dev/vuln/GO-2023-1571
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://www.couchbase.com/alerts/
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-2023033…

Impacted products

3 products

Vendor	Product	Version
Go standard library	net/http	Affected: 0 , < 1.19.6 (semver) Affected: 1.20.0-0 , < 1.20.1 (semver)
golang.org/x/net	golang.org/x/net/http2	Affected: 0 , < 0.7.0 (semver)
golang.org/x/net	golang.org/x/net/http2/hpack	Affected: 0 , < 0.7.0 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:43.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230331-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/57855"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/468135"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/468295"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1571"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41723",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:26:37.352634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "NVD-CWE-Other",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:12:28.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "Transport.RoundTrip"
            },
            {
              "name": "Server.Serve"
            },
            {
              "name": "Client.Do"
            },
            {
              "name": "Client.Get"
            },
            {
              "name": "Client.Head"
            },
            {
              "name": "Client.Post"
            },
            {
              "name": "Client.PostForm"
            },
            {
              "name": "Get"
            },
            {
              "name": "Head"
            },
            {
              "name": "ListenAndServe"
            },
            {
              "name": "ListenAndServeTLS"
            },
            {
              "name": "Post"
            },
            {
              "name": "PostForm"
            },
            {
              "name": "Serve"
            },
            {
              "name": "ServeTLS"
            },
            {
              "name": "Server.ListenAndServe"
            },
            {
              "name": "Server.ListenAndServeTLS"
            },
            {
              "name": "Server.ServeTLS"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/http2",
          "product": "golang.org/x/net/http2",
          "programRoutines": [
            {
              "name": "Transport.RoundTrip"
            },
            {
              "name": "Server.ServeConn"
            },
            {
              "name": "ClientConn.Close"
            },
            {
              "name": "ClientConn.Ping"
            },
            {
              "name": "ClientConn.RoundTrip"
            },
            {
              "name": "ClientConn.Shutdown"
            },
            {
              "name": "ConfigureServer"
            },
            {
              "name": "ConfigureTransport"
            },
            {
              "name": "ConfigureTransports"
            },
            {
              "name": "ConnectionError.Error"
            },
            {
              "name": "ErrCode.String"
            },
            {
              "name": "FrameHeader.String"
            },
            {
              "name": "FrameType.String"
            },
            {
              "name": "FrameWriteRequest.String"
            },
            {
              "name": "Framer.ReadFrame"
            },
            {
              "name": "Framer.WriteContinuation"
            },
            {
              "name": "Framer.WriteData"
            },
            {
              "name": "Framer.WriteDataPadded"
            },
            {
              "name": "Framer.WriteGoAway"
            },
            {
              "name": "Framer.WriteHeaders"
            },
            {
              "name": "Framer.WritePing"
            },
            {
              "name": "Framer.WritePriority"
            },
            {
              "name": "Framer.WritePushPromise"
            },
            {
              "name": "Framer.WriteRSTStream"
            },
            {
              "name": "Framer.WriteRawFrame"
            },
            {
              "name": "Framer.WriteSettings"
            },
            {
              "name": "Framer.WriteSettingsAck"
            },
            {
              "name": "Framer.WriteWindowUpdate"
            },
            {
              "name": "GoAwayError.Error"
            },
            {
              "name": "ReadFrameHeader"
            },
            {
              "name": "Setting.String"
            },
            {
              "name": "SettingID.String"
            },
            {
              "name": "SettingsFrame.ForeachSetting"
            },
            {
              "name": "StreamError.Error"
            },
            {
              "name": "Transport.CloseIdleConnections"
            },
            {
              "name": "Transport.NewClientConn"
            },
            {
              "name": "Transport.RoundTripOpt"
            },
            {
              "name": "bufferedWriter.Flush"
            },
            {
              "name": "bufferedWriter.Write"
            },
            {
              "name": "chunkWriter.Write"
            },
            {
              "name": "clientConnPool.GetClientConn"
            },
            {
              "name": "connError.Error"
            },
            {
              "name": "dataBuffer.Read"
            },
            {
              "name": "duplicatePseudoHeaderError.Error"
            },
            {
              "name": "gzipReader.Close"
            },
            {
              "name": "gzipReader.Read"
            },
            {
              "name": "headerFieldNameError.Error"
            },
            {
              "name": "headerFieldValueError.Error"
            },
            {
              "name": "noDialClientConnPool.GetClientConn"
            },
            {
              "name": "noDialH2RoundTripper.RoundTrip"
            },
            {
              "name": "pipe.Read"
            },
            {
              "name": "priorityWriteScheduler.CloseStream"
            },
            {
              "name": "priorityWriteScheduler.OpenStream"
            },
            {
              "name": "pseudoHeaderError.Error"
            },
            {
              "name": "requestBody.Close"
            },
            {
              "name": "requestBody.Read"
            },
            {
              "name": "responseWriter.Flush"
            },
            {
              "name": "responseWriter.FlushError"
            },
            {
              "name": "responseWriter.Push"
            },
            {
              "name": "responseWriter.SetReadDeadline"
            },
            {
              "name": "responseWriter.SetWriteDeadline"
            },
            {
              "name": "responseWriter.Write"
            },
            {
              "name": "responseWriter.WriteHeader"
            },
            {
              "name": "responseWriter.WriteString"
            },
            {
              "name": "serverConn.CloseConn"
            },
            {
              "name": "serverConn.Flush"
            },
            {
              "name": "stickyErrWriter.Write"
            },
            {
              "name": "transportResponseBody.Close"
            },
            {
              "name": "transportResponseBody.Read"
            },
            {
              "name": "writeData.String"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/http2/hpack",
          "product": "golang.org/x/net/http2/hpack",
          "programRoutines": [
            {
              "name": "Decoder.parseFieldLiteral"
            },
            {
              "name": "Decoder.readString"
            },
            {
              "name": "Decoder.DecodeFull"
            },
            {
              "name": "Decoder.Write"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE 400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:48.448Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/57855"
        },
        {
          "url": "https://go.dev/cl/468135"
        },
        {
          "url": "https://go.dev/cl/468295"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1571"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
        },
        {
          "url": "https://www.couchbase.com/alerts/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-41723",
    "datePublished": "2023-02-28T17:19:45.801Z",
    "dateReserved": "2022-09-28T17:00:06.610Z",
    "dateUpdated": "2025-05-05T16:12:28.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41724 (GCVE-0-2022-41724)

Vulnerability from cvelistv5 – Published: 2023-02-28 17:19 – Updated: 2025-03-07 17:57

Title

Panic on large handshake records in crypto/tls

Summary

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

5 references

URL	Tags
https://go.dev/issue/58001
https://go.dev/cl/468125
https://groups.google.com/g/golang-announce/c/V0a…
https://pkg.go.dev/vuln/GO-2023-1570
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/tls	Affected: 0 , < 1.19.6 (semver) Affected: 1.20.0-0 , < 1.20.1 (semver)

Credits

Marten Seemann

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:43.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/58001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/468125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1570"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41724",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T17:56:50.422222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T17:57:05.605Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "handshakeMessage.marshal"
            },
            {
              "name": "Conn.writeRecord"
            },
            {
              "name": "Conn.readHandshake"
            },
            {
              "name": "Conn.handleRenegotiation"
            },
            {
              "name": "Conn.handlePostHandshakeMessage"
            },
            {
              "name": "Conn.handleKeyUpdate"
            },
            {
              "name": "Conn.clientHandshake"
            },
            {
              "name": "Conn.loadSession"
            },
            {
              "name": "clientHandshakeState.handshake"
            },
            {
              "name": "clientHandshakeState.doFullHandshake"
            },
            {
              "name": "clientHandshakeState.readFinished"
            },
            {
              "name": "clientHandshakeState.readSessionTicket"
            },
            {
              "name": "clientHandshakeState.sendFinished"
            },
            {
              "name": "clientHandshakeStateTLS13.handshake"
            },
            {
              "name": "clientHandshakeStateTLS13.sendDummyChangeCipherSpec"
            },
            {
              "name": "clientHandshakeStateTLS13.processHelloRetryRequest"
            },
            {
              "name": "clientHandshakeStateTLS13.readServerParameters"
            },
            {
              "name": "clientHandshakeStateTLS13.readServerCertificate"
            },
            {
              "name": "clientHandshakeStateTLS13.readServerFinished"
            },
            {
              "name": "clientHandshakeStateTLS13.sendClientCertificate"
            },
            {
              "name": "clientHandshakeStateTLS13.sendClientFinished"
            },
            {
              "name": "clientHelloMsg.marshal"
            },
            {
              "name": "clientHelloMsg.marshalWithoutBinders"
            },
            {
              "name": "clientHelloMsg.updateBinders"
            },
            {
              "name": "serverHelloMsg.marshal"
            },
            {
              "name": "encryptedExtensionsMsg.marshal"
            },
            {
              "name": "endOfEarlyDataMsg.marshal"
            },
            {
              "name": "keyUpdateMsg.marshal"
            },
            {
              "name": "newSessionTicketMsgTLS13.marshal"
            },
            {
              "name": "certificateRequestMsgTLS13.marshal"
            },
            {
              "name": "certificateMsg.marshal"
            },
            {
              "name": "certificateMsgTLS13.marshal"
            },
            {
              "name": "serverKeyExchangeMsg.marshal"
            },
            {
              "name": "certificateStatusMsg.marshal"
            },
            {
              "name": "serverHelloDoneMsg.marshal"
            },
            {
              "name": "clientKeyExchangeMsg.marshal"
            },
            {
              "name": "finishedMsg.marshal"
            },
            {
              "name": "certificateRequestMsg.marshal"
            },
            {
              "name": "certificateVerifyMsg.marshal"
            },
            {
              "name": "newSessionTicketMsg.marshal"
            },
            {
              "name": "helloRequestMsg.marshal"
            },
            {
              "name": "Conn.readClientHello"
            },
            {
              "name": "serverHandshakeState.doResumeHandshake"
            },
            {
              "name": "serverHandshakeState.doFullHandshake"
            },
            {
              "name": "serverHandshakeState.readFinished"
            },
            {
              "name": "serverHandshakeState.sendSessionTicket"
            },
            {
              "name": "serverHandshakeState.sendFinished"
            },
            {
              "name": "serverHandshakeStateTLS13.checkForResumption"
            },
            {
              "name": "serverHandshakeStateTLS13.sendDummyChangeCipherSpec"
            },
            {
              "name": "serverHandshakeStateTLS13.doHelloRetryRequest"
            },
            {
              "name": "serverHandshakeStateTLS13.sendServerParameters"
            },
            {
              "name": "serverHandshakeStateTLS13.sendServerCertificate"
            },
            {
              "name": "serverHandshakeStateTLS13.sendServerFinished"
            },
            {
              "name": "serverHandshakeStateTLS13.sendSessionTickets"
            },
            {
              "name": "serverHandshakeStateTLS13.readClientCertificate"
            },
            {
              "name": "serverHandshakeStateTLS13.readClientFinished"
            },
            {
              "name": "cipherSuiteTLS13.expandLabel"
            },
            {
              "name": "sessionState.marshal"
            },
            {
              "name": "sessionStateTLS13.marshal"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "ConnectionState.ExportKeyingMaterial"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Marten Seemann"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:30.560Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/58001"
        },
        {
          "url": "https://go.dev/cl/468125"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1570"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Panic on large handshake records in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-41724",
    "datePublished": "2023-02-28T17:19:44.420Z",
    "dateReserved": "2022-09-28T17:00:06.611Z",
    "dateUpdated": "2025-03-07T17:57:05.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41725 (GCVE-0-2022-41725)

Vulnerability from cvelistv5 – Published: 2023-02-28 17:19 – Updated: 2025-03-07 17:58

Title

Excessive resource consumption in mime/multipart

Summary

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

5 references

URL	Tags
https://go.dev/issue/58006
https://go.dev/cl/468124
https://groups.google.com/g/golang-announce/c/V0a…
https://pkg.go.dev/vuln/GO-2023-1569
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	mime/multipart	Affected: 0 , < 1.19.6 (semver) Affected: 1.20.0-0 , < 1.20.1 (semver)

Credits

Arpad Ryszka Jakob Ackermann (@das7pad)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:43.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/58006"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/468124"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1569"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41725",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T17:57:52.557641Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T17:58:06.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "mime/multipart",
          "product": "mime/multipart",
          "programRoutines": [
            {
              "name": "Reader.ReadForm"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Arpad Ryszka"
        },
        {
          "lang": "en",
          "value": "Jakob Ackermann (@das7pad)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type\u0027s documentation states, \"If stored on disk, the File\u0027s underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:27.308Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/58006"
        },
        {
          "url": "https://go.dev/cl/468124"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1569"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Excessive resource consumption in mime/multipart"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-41725",
    "datePublished": "2023-02-28T17:19:42.989Z",
    "dateReserved": "2022-09-28T17:02:29.447Z",
    "dateUpdated": "2025-03-07T17:58:06.747Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24532 (GCVE-0-2023-24532)

Vulnerability from cvelistv5 – Published: 2023-03-08 19:40 – Updated: 2024-08-02 10:56

Title

Incorrect calculation on P256 curves in crypto/internal/nistec

Summary

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-682 - Incorrect Calculation

Assigner

References

5 references

URL	Tags
https://go.dev/issue/58647
https://go.dev/cl/471255
https://groups.google.com/g/golang-announce/c/3-T…
https://pkg.go.dev/vuln/GO-2023-1621
https://security.netapp.com/advisory/ntap-2023033…

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/internal/nistec	Affected: 0 , < 1.19.7 (semver) Affected: 1.20.0-0 , < 1.20.2 (semver)

Credits

Guido Vranken, via the Ethereum Foundation bug bounty program

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230331-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/58647"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/471255"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1621"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24532",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T15:58:31.679478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T15:58:40.921Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/internal/nistec",
          "product": "crypto/internal/nistec",
          "programRoutines": [
            {
              "name": "P256Point.ScalarBaseMult"
            },
            {
              "name": "P256Point.ScalarMult"
            },
            {
              "name": "P256OrdInverse"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.2",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken, via the Ethereum Foundation bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-682: Incorrect Calculation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:07:52.290Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/58647"
        },
        {
          "url": "https://go.dev/cl/471255"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1621"
        }
      ],
      "title": "Incorrect calculation on P256 curves in crypto/internal/nistec"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24532",
    "datePublished": "2023-03-08T19:40:45.425Z",
    "dateReserved": "2023-01-25T21:19:20.641Z",
    "dateUpdated": "2024-08-02T10:56:04.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24537 (GCVE-0-2023-24537)

Vulnerability from cvelistv5 – Published: 2023-04-06 15:50 – Updated: 2025-02-13 16:44

Title

Infinite loop in parsing in go/scanner

Summary

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-190 - Integer Overflow or Wraparound

Assigner

References

6 references

URL	Tags
https://go.dev/issue/59180
https://go.dev/cl/482078
https://groups.google.com/g/golang-announce/c/Xdv…
https://pkg.go.dev/vuln/GO-2023-1702
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-2024112…

Impacted products

1 product

Vendor	Product	Version
Go standard library	go/scanner	Affected: 0 , < 1.19.8 (semver) Affected: 1.20.0-0 , < 1.20.3 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-29T12:04:35.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59180"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/482078"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1702"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241129-0004/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-24537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T17:00:19.402169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T17:01:10.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "go/scanner",
          "product": "go/scanner",
          "programRoutines": [
            {
              "name": "Scanner.updateLineInfo"
            },
            {
              "name": "Scanner.Scan"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.3",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:46.845Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59180"
        },
        {
          "url": "https://go.dev/cl/482078"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1702"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Infinite loop in parsing in go/scanner"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24537",
    "datePublished": "2023-04-06T15:50:49.556Z",
    "dateReserved": "2023-01-25T21:19:20.642Z",
    "dateUpdated": "2025-02-13T16:44:18.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-1116

CVE-2022-41723 (GCVE-0-2022-41723)

CVE-2022-41724 (GCVE-0-2022-41724)

CVE-2022-41725 (GCVE-0-2022-41725)

CVE-2023-24532 (GCVE-0-2023-24532)

CVE-2023-24537 (GCVE-0-2023-24537)

Tags

Sightings

Nomenclature