Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-3146
Vulnerability from csaf_certbund
Published
2023-12-13 23:00
Modified
2023-12-13 23:00
Summary
IBM MQ Operator and Queue manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM MQ ist eine Message Oriented Middleware von IBM.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM MQ Operator and Queue manager ausnutzen, um einen Denial of Service Angriff durchzuführen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM MQ ist eine Message Oriented Middleware von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in IBM MQ Operator and Queue manager ausnutzen, um einen Denial of Service Angriff durchzuführen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-3146 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3146.json", }, { category: "self", summary: "WID-SEC-2023-3146 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3146", }, { category: "external", summary: "IBM Security Bulletin 7096558 vom 2023-12-13", url: "https://www.ibm.com/support/pages/node/7096558", }, ], source_lang: "en-US", title: "IBM MQ Operator and Queue manager: Mehrere Schwachstellen", tracking: { current_release_date: "2023-12-13T23:00:00.000+00:00", generator: { date: "2024-08-15T18:02:48.819+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-3146", initial_release_date: "2023-12-13T23:00:00.000+00:00", revision_history: [ { date: "2023-12-13T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "IBM MQ Operator < v3.0.0", product: { name: "IBM MQ Operator < v3.0.0", product_id: "T031689", product_identification_helper: { cpe: "cpe:/a:ibm:mq:operator__v3.0.0", }, }, }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4641", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-4641", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-43804", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-43804", }, { cve: "CVE-2023-4016", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-4016", }, { cve: "CVE-2023-3978", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-3978", }, { cve: "CVE-2023-39325", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-39325", }, { cve: "CVE-2023-39319", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-39319", }, { cve: "CVE-2023-39318", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-39318", }, { cve: "CVE-2023-29409", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-29409", }, { cve: "CVE-2023-25173", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-25173", }, { cve: "CVE-2023-25153", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2023-25153", }, { cve: "CVE-2022-41723", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2022-41723", }, { cve: "CVE-2022-41717", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2022-41717", }, { cve: "CVE-2022-31030", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2022-31030", }, { cve: "CVE-2022-23471", notes: [ { category: "description", text: "In IBM MQ Operator and Queue manager existieren mehrere Schwachstellen. Diese basieren auf Schwachstellen in mehreren Komponenten von RedHat Open Shift. Im Einzelnen sind dies: containerd, shadow-maint, shadow-utils, Golang Go, urllib3, procps-ng procps und das HTTP/2 Protokoll. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.", }, ], release_date: "2023-12-13T23:00:00.000+00:00", title: "CVE-2022-23471", }, ], }
cve-2023-25173
Vulnerability from cvelistv5
Published
2023-02-16 14:09
Modified
2025-03-10 21:10
Severity ?
EPSS score ?
Summary
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.
This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containerd | containerd |
Version: < 1.5.18 Version: >= 1.6.0, < 1.6.18 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:18:35.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p", }, { name: "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", }, { name: "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a", }, { name: "https://github.com/advisories/GHSA-4wjj-jwc9-2x96", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/advisories/GHSA-4wjj-jwc9-2x96", }, { name: "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp", }, { name: "https://github.com/advisories/GHSA-phjr-8j92-w5v7", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/advisories/GHSA-phjr-8j92-w5v7", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.5.18", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.18", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.6.18", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.6.18", }, { name: "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25173", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T21:00:44.060345Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:10:38.648Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "containerd", vendor: "containerd", versions: [ { status: "affected", version: "< 1.5.18", }, { status: "affected", version: ">= 1.6.0, < 1.6.18", }, ], }, ], descriptions: [ { lang: "en", value: "containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.\n\nThis bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863: Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-15T20:06:31.329Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p", }, { name: "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", tags: [ "x_refsource_MISC", ], url: "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", }, { name: "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a", tags: [ "x_refsource_MISC", ], url: "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a", }, { name: "https://github.com/advisories/GHSA-4wjj-jwc9-2x96", tags: [ "x_refsource_MISC", ], url: "https://github.com/advisories/GHSA-4wjj-jwc9-2x96", }, { name: "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp", tags: [ "x_refsource_MISC", ], url: "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp", }, { name: "https://github.com/advisories/GHSA-phjr-8j92-w5v7", tags: [ "x_refsource_MISC", ], url: "https://github.com/advisories/GHSA-phjr-8j92-w5v7", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.5.18", tags: [ "x_refsource_MISC", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.18", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.6.18", tags: [ "x_refsource_MISC", ], url: "https://github.com/containerd/containerd/releases/tag/v1.6.18", }, { name: "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/", tags: [ "x_refsource_MISC", ], url: "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/", }, ], source: { advisory: "GHSA-hmfx-3pcx-653p", discovery: "UNKNOWN", }, title: "containerd supplementary groups are not set up properly", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25173", datePublished: "2023-02-16T14:09:12.073Z", dateReserved: "2023-02-03T16:59:18.247Z", dateUpdated: "2025-03-10T21:10:38.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39318
Vulnerability from cvelistv5
Published
2023-09-08 16:13
Modified
2025-02-13 17:02
Severity ?
EPSS score ?
Summary
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Go standard library | html/template |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.918Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/62196", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/526156", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-2041", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231020-0009/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39318", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T16:02:51.219482Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T16:05:10.408Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "html/template", product: "html/template", programRoutines: [ { name: "isComment", }, { name: "escaper.escapeText", }, { name: "tJS", }, { name: "tLineCmt", }, { name: "Template.Execute", }, { name: "Template.ExecuteTemplate", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.20.8", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.21.1", status: "affected", version: "1.21.0-0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)", }, ], descriptions: [ { lang: "en", value: "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-25T11:10:02.660Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/62196", }, { url: "https://go.dev/cl/526156", }, { url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { url: "https://pkg.go.dev/vuln/GO-2023-2041", }, { url: "https://security.netapp.com/advisory/ntap-20231020-0009/", }, { url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "Improper handling of HTML-like comments in script contexts in html/template", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-39318", datePublished: "2023-09-08T16:13:24.063Z", dateReserved: "2023-07-27T17:05:55.186Z", dateUpdated: "2025-02-13T17:02:46.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4016
Vulnerability from cvelistv5
Published
2023-08-02 04:20
Modified
2025-02-13 17:03
Severity ?
EPSS score ?
Summary
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux Kernal |
Version: 3.3.0 (might be earlier) - latest |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:17:10.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://gitlab.com/procps-ng/procps", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "Linux Kernal", vendor: "Linux", versions: [ { status: "affected", version: "3.3.0 (might be earlier) - latest", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Michael Berlin, BGU", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Prof. Oded Margalit, BGU and Trellix", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Prof. Gera Weiss, BGU", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", }, ], value: "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", }, ], impacts: [ { capecId: "CAPEC-9", descriptions: [ { lang: "en", value: "CAPEC-9 Buffer Overflow in Local Command-Line Utilities", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-21T02:06:11.188Z", orgId: "01626437-bf8f-4d1c-912a-893b5eb04808", shortName: "trellix", }, references: [ { url: "https://gitlab.com/procps-ng/procps", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "01626437-bf8f-4d1c-912a-893b5eb04808", assignerShortName: "trellix", cveId: "CVE-2023-4016", datePublished: "2023-08-02T04:20:20.645Z", dateReserved: "2023-07-31T10:40:24.737Z", dateUpdated: "2025-02-13T17:03:24.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25153
Vulnerability from cvelistv5
Published
2023-02-16 14:09
Modified
2025-03-10 21:10
Severity ?
EPSS score ?
Summary
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2 | x_refsource_CONFIRM | |
| https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4 | x_refsource_MISC | |
| https://github.com/containerd/containerd/releases/tag/v1.5.18 | x_refsource_MISC | |
| https://github.com/containerd/containerd/releases/tag/v1.6.18 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containerd | containerd |
Version: < 1.5.18 Version: >= 1.6.0, < 1.6.18 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:18:35.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2", }, { name: "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.5.18", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.18", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.6.18", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.6.18", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25153", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:57:30.825093Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:10:44.159Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "containerd", vendor: "containerd", versions: [ { status: "affected", version: "< 1.5.18", }, { status: "affected", version: ">= 1.6.0, < 1.6.18", }, ], }, ], descriptions: [ { lang: "en", value: "containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-16T14:09:08.519Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2", }, { name: "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4", tags: [ "x_refsource_MISC", ], url: "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.5.18", tags: [ "x_refsource_MISC", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.18", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.6.18", tags: [ "x_refsource_MISC", ], url: "https://github.com/containerd/containerd/releases/tag/v1.6.18", }, ], source: { advisory: "GHSA-259w-8hf6-59c2", discovery: "UNKNOWN", }, title: "containerd OCI image importer memory exhaustion", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25153", datePublished: "2023-02-16T14:09:08.519Z", dateReserved: "2023-02-03T16:59:18.242Z", dateUpdated: "2025-03-10T21:10:44.159Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41717
Vulnerability from cvelistv5
Published
2022-12-08 19:03
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.19.0-0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20230120-0008/", }, { tags: [ "x_transferred", ], url: "https://go.dev/issue/56350", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/455717", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/455635", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2022-1144", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "net/http", product: "net/http", programRoutines: [ { name: "http2serverConn.canonicalHeader", }, { name: "ListenAndServe", }, { name: "ListenAndServeTLS", }, { name: "Serve", }, { name: "ServeTLS", }, { name: "Server.ListenAndServe", }, { name: "Server.ListenAndServeTLS", }, { name: "Server.Serve", }, { name: "Server.ServeTLS", }, { name: "http2Server.ServeConn", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.18.9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.19.4", status: "affected", version: "1.19.0-0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "golang.org/x/net/http2", product: "golang.org/x/net/http2", programRoutines: [ { name: "serverConn.canonicalHeader", }, { name: "Server.ServeConn", }, ], vendor: "golang.org/x/net", versions: [ { lessThan: "0.4.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Josselin Costanzi", }, ], descriptions: [ { lang: "en", value: "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", }, ], problemTypes: [ { descriptions: [ { description: "CWE 400: Uncontrolled Resource Consumption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-18T02:06:25.182Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/56350", }, { url: "https://go.dev/cl/455717", }, { url: "https://go.dev/cl/455635", }, { url: "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", }, { url: "https://pkg.go.dev/vuln/GO-2022-1144", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", }, { url: "https://security.gentoo.org/glsa/202311-09", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", }, ], title: "Excessive memory growth in net/http and golang.org/x/net/http2", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2022-41717", datePublished: "2022-12-08T19:03:53.161Z", dateReserved: "2022-09-28T17:00:06.608Z", dateUpdated: "2025-02-13T16:33:08.284Z", requesterUserId: "7d08541a-cd0a-42e2-8f81-76e6ceb65fc3", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29409
Vulnerability from cvelistv5
Published
2023-08-02 19:47
Modified
2025-02-13 16:49
Severity ?
EPSS score ?
Summary
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Go standard library | crypto/tls |
Version: 0 ≤ Version: 1.20.0-0 ≤ Version: 1.21.0-0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:07:46.160Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/61460", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/515257", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-1987", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230831-0010/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29409", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T14:15:51.334084Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-22T14:16:01.839Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "crypto/tls", product: "crypto/tls", programRoutines: [ { name: "Conn.verifyServerCertificate", }, { name: "Conn.processCertsFromClient", }, { name: "Conn.Handshake", }, { name: "Conn.HandshakeContext", }, { name: "Conn.Read", }, { name: "Conn.Write", }, { name: "Dial", }, { name: "DialWithDialer", }, { name: "Dialer.Dial", }, { name: "Dialer.DialContext", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.19.12", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.20.7", status: "affected", version: "1.20.0-0", versionType: "semver", }, { lessThan: "1.21.0-rc.4", status: "affected", version: "1.21.0-0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Mateusz Poliwczak", }, ], descriptions: [ { lang: "en", value: "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-25T11:09:25.696Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/61460", }, { url: "https://go.dev/cl/515257", }, { url: "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", }, { url: "https://pkg.go.dev/vuln/GO-2023-1987", }, { url: "https://security.netapp.com/advisory/ntap-20230831-0010/", }, { url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "Large RSA keys can cause high CPU usage in crypto/tls", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-29409", datePublished: "2023-08-02T19:47:23.829Z", dateReserved: "2023-04-05T19:36:35.043Z", dateUpdated: "2025-02-13T16:49:16.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23471
Vulnerability from cvelistv5
Published
2022-12-07 22:51
Modified
2025-04-23 16:31
Severity ?
EPSS score ?
Summary
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containerd | containerd |
Version: < 1.5.16 Version: >= 1.6.0, < 1.6.12 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9", }, { name: "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-31", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-23471", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-23T13:52:53.736356Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-23T16:31:30.024Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "containerd", vendor: "containerd", versions: [ { status: "affected", version: "< 1.5.16", }, { status: "affected", version: ">= 1.6.0, < 1.6.12", }, ], }, ], descriptions: [ { lang: "en", value: "containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-31T13:06:15.170Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9", }, { name: "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0", tags: [ "x_refsource_MISC", ], url: "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0", }, { url: "https://security.gentoo.org/glsa/202401-31", }, ], source: { advisory: "GHSA-2qjp-425j-52j9", discovery: "UNKNOWN", }, title: "containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23471", datePublished: "2022-12-07T22:51:34.193Z", dateReserved: "2022-01-19T21:23:53.757Z", dateUpdated: "2025-04-23T16:31:30.024Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44487
Vulnerability from cvelistv5
Published
2023-10-10 00:00
Modified
2025-03-07 18:15
Severity ?
EPSS score ?
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "http", vendor: "ietf", versions: [ { status: "affected", version: "2.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-44487", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T20:34:21.334116Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-10-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-23T20:35:03.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-19T07:48:04.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { tags: [ "x_transferred", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { tags: [ "x_transferred", ], url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { tags: [ "x_transferred", ], url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { tags: [ "x_transferred", ], url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37831062", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { tags: [ "x_transferred", ], url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { tags: [ "x_transferred", ], url: "https://github.com/envoyproxy/envoy/pull/30055", }, { tags: [ "x_transferred", ], url: "https://github.com/haproxy/haproxy/issues/2312", }, { tags: [ "x_transferred", ], url: "https://github.com/eclipse/jetty.project/issues/10679", }, { tags: [ "x_transferred", ], url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { tags: [ "x_transferred", ], url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { tags: [ "x_transferred", ], url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { tags: [ "x_transferred", ], url: "https://github.com/alibaba/tengine/issues/1872", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37830987", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37830998", }, { tags: [ "x_transferred", ], url: "https://github.com/caddyserver/caddy/issues/5877", }, { tags: [ "x_transferred", ], url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { tags: [ "x_transferred", ], url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc-go/pull/6703", }, { tags: [ "x_transferred", ], url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { tags: [ "x_transferred", ], url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { tags: [ "x_transferred", ], url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { tags: [ "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000137106", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { tags: [ "x_transferred", ], url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { tags: [ "x_transferred", ], url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { tags: [ "x_transferred", ], url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { tags: [ "x_transferred", ], url: "https://github.com/facebook/proxygen/pull/466", }, { tags: [ "x_transferred", ], url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { tags: [ "x_transferred", ], url: "https://github.com/micrictor/http2-rst-stream", }, { tags: [ "x_transferred", ], url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { tags: [ "x_transferred", ], url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { tags: [ "x_transferred", ], url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { tags: [ "x_transferred", ], url: "https://github.com/h2o/h2o/pull/3291", }, { tags: [ "x_transferred", ], url: "https://github.com/nodejs/node/pull/50121", }, { tags: [ "x_transferred", ], url: "https://github.com/dotnet/announcements/issues/277", }, { tags: [ "x_transferred", ], url: "https://github.com/golang/go/issues/63417", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/trafficserver/pull/10564", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { tags: [ "x_transferred", ], url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { tags: [ "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { tags: [ "x_transferred", ], url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { tags: [ "x_transferred", ], url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { tags: [ "x_transferred", ], url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { tags: [ "x_transferred", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37837043", }, { tags: [ "x_transferred", ], url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { tags: [ "x_transferred", ], url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { tags: [ "x_transferred", ], url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { name: "DSA-5522", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { name: "DSA-5521", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/ninenines/cowboy/issues/1615", }, { tags: [ "x_transferred", ], url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { tags: [ "x_transferred", ], url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { tags: [ "x_transferred", ], url: "https://blog.vespa.ai/cve-2023-44487/", }, { tags: [ "x_transferred", ], url: "https://github.com/etcd-io/etcd/issues/16740", }, { tags: [ "x_transferred", ], url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { tags: [ "x_transferred", ], url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { tags: [ "x_transferred", ], url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/httpd-site/pull/10", }, { tags: [ "x_transferred", ], url: "https://github.com/projectcontour/contour/pull/5826", }, { tags: [ "x_transferred", ], url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { tags: [ "x_transferred", ], url: "https://github.com/line/armeria/pull/5232", }, { tags: [ "x_transferred", ], url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/akka/akka-http/issues/4323", }, { tags: [ "x_transferred", ], url: "https://github.com/openresty/openresty/issues/930", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/apisix/issues/10320", }, { tags: [ "x_transferred", ], url: "https://github.com/Azure/AKS/issues/3947", }, { tags: [ "x_transferred", ], url: "https://github.com/Kong/kong/discussions/11741", }, { tags: [ "x_transferred", ], url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { tags: [ "x_transferred", ], url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { tags: [ "x_transferred", ], url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { tags: [ "x_transferred", ], url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { name: "FEDORA-2023-ed2642fd58", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { tags: [ "x_transferred", ], url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { name: "[oss-security] 20231018 Vulnerability in Jenkins", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { name: "FEDORA-2023-54fadada12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { name: "FEDORA-2023-5ff7bf1dd8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { name: "FEDORA-2023-17efd3f2cd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { name: "FEDORA-2023-d5030c983c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { name: "FEDORA-2023-0259c3f26f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { name: "FEDORA-2023-2a9214af5f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { name: "FEDORA-2023-e9c04d81c1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { name: "FEDORA-2023-f66fc0f62a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { name: "FEDORA-2023-4d2fd884ea", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { name: "FEDORA-2023-b2c50535cb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { name: "FEDORA-2023-fe53e13b5b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "FEDORA-2023-4bf641255e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { name: "DSA-5540", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { name: "FEDORA-2023-1caffb88af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { name: "FEDORA-2023-3f70b8d406", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { name: "FEDORA-2023-7b52921cae", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { name: "FEDORA-2023-7934802344", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { name: "FEDORA-2023-dbe64661af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { name: "FEDORA-2023-822aab0a5a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { name: "DSA-5549", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { name: "FEDORA-2023-c0c6a91330", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { name: "FEDORA-2023-492b7be466", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { name: "DSA-5558", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { name: "GLSA-202311-09", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, { name: "DSA-5570", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { url: "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-07T18:15:13.812Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { url: "https://news.ycombinator.com/item?id=37831062", }, { url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { url: "https://github.com/envoyproxy/envoy/pull/30055", }, { url: "https://github.com/haproxy/haproxy/issues/2312", }, { url: "https://github.com/eclipse/jetty.project/issues/10679", }, { url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { url: "https://github.com/alibaba/tengine/issues/1872", }, { url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { url: "https://news.ycombinator.com/item?id=37830987", }, { url: "https://news.ycombinator.com/item?id=37830998", }, { url: "https://github.com/caddyserver/caddy/issues/5877", }, { url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { url: "https://github.com/grpc/grpc-go/pull/6703", }, { url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { url: "https://my.f5.com/manage/s/article/K000137106", }, { url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { name: "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/10/7", }, { name: "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/10/6", }, { url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { url: "https://github.com/facebook/proxygen/pull/466", }, { url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { url: "https://github.com/micrictor/http2-rst-stream", }, { url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { url: "https://github.com/h2o/h2o/pull/3291", }, { url: "https://github.com/nodejs/node/pull/50121", }, { url: "https://github.com/dotnet/announcements/issues/277", }, { url: "https://github.com/golang/go/issues/63417", }, { url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { url: "https://github.com/apache/trafficserver/pull/10564", }, { url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { url: "https://news.ycombinator.com/item?id=37837043", }, { url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { name: "DSA-5522", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { name: "DSA-5521", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { url: "https://github.com/ninenines/cowboy/issues/1615", }, { url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { url: "https://blog.vespa.ai/cve-2023-44487/", }, { url: "https://github.com/etcd-io/etcd/issues/16740", }, { url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { url: "https://ubuntu.com/security/CVE-2023-44487", }, { url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { url: "https://github.com/apache/httpd-site/pull/10", }, { url: "https://github.com/projectcontour/contour/pull/5826", }, { url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { url: "https://github.com/line/armeria/pull/5232", }, { url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { url: "https://github.com/akka/akka-http/issues/4323", }, { url: "https://github.com/openresty/openresty/issues/930", }, { url: "https://github.com/apache/apisix/issues/10320", }, { url: "https://github.com/Azure/AKS/issues/3947", }, { url: "https://github.com/Kong/kong/discussions/11741", }, { url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { name: "FEDORA-2023-ed2642fd58", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { name: "[oss-security] 20231018 Vulnerability in Jenkins", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { name: "FEDORA-2023-54fadada12", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { name: "FEDORA-2023-5ff7bf1dd8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { name: "FEDORA-2023-17efd3f2cd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { name: "FEDORA-2023-d5030c983c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { name: "FEDORA-2023-0259c3f26f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { name: "FEDORA-2023-2a9214af5f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { name: "FEDORA-2023-e9c04d81c1", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { name: "FEDORA-2023-f66fc0f62a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { name: "FEDORA-2023-4d2fd884ea", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { name: "FEDORA-2023-b2c50535cb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { name: "FEDORA-2023-fe53e13b5b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "FEDORA-2023-4bf641255e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { name: "DSA-5540", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { name: "FEDORA-2023-1caffb88af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { name: "FEDORA-2023-3f70b8d406", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { name: "FEDORA-2023-7b52921cae", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { name: "FEDORA-2023-7934802344", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { name: "FEDORA-2023-dbe64661af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { name: "FEDORA-2023-822aab0a5a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { name: "DSA-5549", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { name: "FEDORA-2023-c0c6a91330", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { name: "FEDORA-2023-492b7be466", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { name: "DSA-5558", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { name: "GLSA-202311-09", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { name: "DSA-5570", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { url: "https://github.com/grpc/grpc/releases/tag/v1.59.2", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-44487", datePublished: "2023-10-10T00:00:00.000Z", dateReserved: "2023-09-29T00:00:00.000Z", dateUpdated: "2025-03-07T18:15:13.812Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3978
Vulnerability from cvelistv5
Published
2023-08-02 19:48
Modified
2024-09-27 21:57
Severity ?
EPSS score ?
Summary
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| golang.org/x/net | golang.org/x/net/html |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:08:50.711Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/61615", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/514896", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-1988", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3978", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T21:49:56.220204Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T21:57:51.807Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "golang.org/x/net/html", product: "golang.org/x/net/html", programRoutines: [ { name: "render1", }, { name: "Render", }, ], vendor: "golang.org/x/net", versions: [ { lessThan: "0.13.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-02T19:48:56.676Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/61615", }, { url: "https://go.dev/cl/514896", }, { url: "https://pkg.go.dev/vuln/GO-2023-1988", }, ], title: "Improper rendering of text nodes in golang.org/x/net/html", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-3978", datePublished: "2023-08-02T19:48:56.676Z", dateReserved: "2023-07-27T17:05:38.856Z", dateUpdated: "2024-09-27T21:57:51.807Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39319
Vulnerability from cvelistv5
Published
2023-09-08 16:13
Modified
2025-02-13 17:02
Severity ?
EPSS score ?
Summary
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Go standard library | html/template |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.746Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/62197", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/526157", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-2043", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231020-0009/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39319", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T16:02:49.339620Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T16:04:58.123Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "html/template", product: "html/template", programRoutines: [ { name: "escaper.escapeText", }, { name: "tSpecialTagEnd", }, { name: "indexTagEnd", }, { name: "Template.Execute", }, { name: "Template.ExecuteTemplate", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.20.8", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.21.1", status: "affected", version: "1.21.0-0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)", }, ], descriptions: [ { lang: "en", value: "The html/template package does not apply the proper rules for handling occurrences of \"<script\", \"<!--\", and \"</script\" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-25T11:10:06.783Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/62197", }, { url: "https://go.dev/cl/526157", }, { url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { url: "https://pkg.go.dev/vuln/GO-2023-2043", }, { url: "https://security.netapp.com/advisory/ntap-20231020-0009/", }, { url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "Improper handling of special tags within script contexts in html/template", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-39319", datePublished: "2023-09-08T16:13:28.663Z", dateReserved: "2023-07-27T17:05:55.186Z", dateUpdated: "2025-02-13T17:02:47.366Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41723
Vulnerability from cvelistv5
Published
2023-02-28 17:19
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.20.0-0 ≤ |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20230331-0010/", }, { tags: [ "x_transferred", ], url: "https://go.dev/issue/57855", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/468135", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/468295", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-1571", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", }, { tags: [ "x_transferred", ], url: "https://www.couchbase.com/alerts/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "net/http", product: "net/http", programRoutines: [ { name: "Transport.RoundTrip", }, { name: "Server.Serve", }, { name: "Client.Do", }, { name: "Client.Get", }, { name: "Client.Head", }, { name: "Client.Post", }, { name: "Client.PostForm", }, { name: "Get", }, { name: "Head", }, { name: "ListenAndServe", }, { name: "ListenAndServeTLS", }, { name: "Post", }, { name: "PostForm", }, { name: "Serve", }, { name: "ServeTLS", }, { name: "Server.ListenAndServe", }, { name: "Server.ListenAndServeTLS", }, { name: "Server.ServeTLS", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.19.6", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.20.1", status: "affected", version: "1.20.0-0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "golang.org/x/net/http2", product: "golang.org/x/net/http2", programRoutines: [ { name: "Transport.RoundTrip", }, { name: "Server.ServeConn", }, { name: "ClientConn.Close", }, { name: "ClientConn.Ping", }, { name: "ClientConn.RoundTrip", }, { name: "ClientConn.Shutdown", }, { name: "ConfigureServer", }, { name: "ConfigureTransport", }, { name: "ConfigureTransports", }, { name: "ConnectionError.Error", }, { name: "ErrCode.String", }, { name: "FrameHeader.String", }, { name: "FrameType.String", }, { name: "FrameWriteRequest.String", }, { name: "Framer.ReadFrame", }, { name: "Framer.WriteContinuation", }, { name: "Framer.WriteData", }, { name: "Framer.WriteDataPadded", }, { name: "Framer.WriteGoAway", }, { name: "Framer.WriteHeaders", }, { name: "Framer.WritePing", }, { name: "Framer.WritePriority", }, { name: "Framer.WritePushPromise", }, { name: "Framer.WriteRSTStream", }, { name: "Framer.WriteRawFrame", }, { name: "Framer.WriteSettings", }, { name: "Framer.WriteSettingsAck", }, { name: "Framer.WriteWindowUpdate", }, { name: "GoAwayError.Error", }, { name: "ReadFrameHeader", }, { name: "Setting.String", }, { name: "SettingID.String", }, { name: "SettingsFrame.ForeachSetting", }, { name: "StreamError.Error", }, { name: "Transport.CloseIdleConnections", }, { name: "Transport.NewClientConn", }, { name: "Transport.RoundTripOpt", }, { name: "bufferedWriter.Flush", }, { name: "bufferedWriter.Write", }, { name: "chunkWriter.Write", }, { name: "clientConnPool.GetClientConn", }, { name: "connError.Error", }, { name: "dataBuffer.Read", }, { name: "duplicatePseudoHeaderError.Error", }, { name: "gzipReader.Close", }, { name: "gzipReader.Read", }, { name: "headerFieldNameError.Error", }, { name: "headerFieldValueError.Error", }, { name: "noDialClientConnPool.GetClientConn", }, { name: "noDialH2RoundTripper.RoundTrip", }, { name: "pipe.Read", }, { name: "priorityWriteScheduler.CloseStream", }, { name: "priorityWriteScheduler.OpenStream", }, { name: "pseudoHeaderError.Error", }, { name: "requestBody.Close", }, { name: "requestBody.Read", }, { name: "responseWriter.Flush", }, { name: "responseWriter.FlushError", }, { name: "responseWriter.Push", }, { name: "responseWriter.SetReadDeadline", }, { name: "responseWriter.SetWriteDeadline", }, { name: "responseWriter.Write", }, { name: "responseWriter.WriteHeader", }, { name: "responseWriter.WriteString", }, { name: "serverConn.CloseConn", }, { name: "serverConn.Flush", }, { name: "stickyErrWriter.Write", }, { name: "transportResponseBody.Close", }, { name: "transportResponseBody.Read", }, { name: "writeData.String", }, ], vendor: "golang.org/x/net", versions: [ { lessThan: "0.7.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "golang.org/x/net/http2/hpack", product: "golang.org/x/net/http2/hpack", programRoutines: [ { name: "Decoder.parseFieldLiteral", }, { name: "Decoder.readString", }, { name: "Decoder.DecodeFull", }, { name: "Decoder.Write", }, ], vendor: "golang.org/x/net", versions: [ { lessThan: "0.7.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Philippe Antoine (Catena cyber)", }, ], descriptions: [ { lang: "en", value: "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", }, ], problemTypes: [ { descriptions: [ { description: "CWE 400: Uncontrolled Resource Consumption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-25T11:09:48.448Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/57855", }, { url: "https://go.dev/cl/468135", }, { url: "https://go.dev/cl/468295", }, { url: "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", }, { url: "https://pkg.go.dev/vuln/GO-2023-1571", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", }, { url: "https://www.couchbase.com/alerts/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", }, { url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2022-41723", datePublished: "2023-02-28T17:19:45.801Z", dateReserved: "2022-09-28T17:00:06.610Z", dateUpdated: "2025-02-13T16:33:09.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-43804
Vulnerability from cvelistv5
Published
2023-10-04 16:01
Modified
2025-02-13 17:13
Severity ?
EPSS score ?
Summary
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-12-13T13:09:25.296Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", }, { name: "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb", }, { name: "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/", }, { url: "https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3", }, { url: "https://security.netapp.com/advisory/ntap-20241213-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "urllib3", vendor: "urllib3", versions: [ { status: "affected", version: ">= 2.0.0, < 2.0.6", }, { status: "affected", version: "< 1.26.17", }, ], }, ], descriptions: [ { lang: "en", value: "urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-03T21:06:26.816Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", }, { name: "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb", tags: [ "x_refsource_MISC", ], url: "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb", }, { name: "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d", tags: [ "x_refsource_MISC", ], url: "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d", }, { url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/", }, ], source: { advisory: "GHSA-v845-jxx5-vc9f", discovery: "UNKNOWN", }, title: "`Cookie` HTTP header isn't stripped on cross-origin redirects", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-43804", datePublished: "2023-10-04T16:01:50.447Z", dateReserved: "2023-09-22T14:51:42.340Z", dateUpdated: "2025-02-13T17:13:31.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4641
Vulnerability from cvelistv5
Published
2023-12-27 15:43
Modified
2025-04-17 20:33
Severity ?
EPSS score ?
Summary
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:6632 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7112 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0417 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2577 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4641 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215945 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:31:06.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6632", }, { name: "RHSA-2023:7112", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7112", }, { name: "RHSA-2024:0417", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0417", }, { name: "RHSA-2024:2577", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2577", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-4641", }, { name: "RHBZ#2215945", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4641", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-02T18:19:24.685793Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-17T20:33:22.477Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/shadow-maint/shadow", defaultStatus: "affected", packageName: "shadow-utils", versions: [ { lessThan: "*", status: "unaffected", version: "4.14.0-rc1", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.6-19.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", ], defaultStatus: "affected", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.6-17.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb", ], defaultStatus: "affected", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.6-17.el8_8.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.9-8.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "shadow-utils", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2023-06-17T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-303", description: "Incorrect Implementation of Authentication Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T15:32:38.166Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6632", }, { name: "RHSA-2023:7112", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7112", }, { name: "RHSA-2024:0417", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0417", }, { name: "RHSA-2024:2577", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2577", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-4641", }, { name: "RHBZ#2215945", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", }, ], timeline: [ { lang: "en", time: "2023-06-17T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-06-17T00:00:00+00:00", value: "Made public.", }, ], title: "Shadow-utils: possible password leak during passwd(1) change", x_redhatCweChain: "CWE-303: Incorrect Implementation of Authentication Algorithm", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-4641", datePublished: "2023-12-27T15:43:22.929Z", dateReserved: "2023-08-30T17:16:27.137Z", dateUpdated: "2025-04-17T20:33:22.477Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31030
Vulnerability from cvelistv5
Published
2022-06-06 00:00
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containerd | containerd |
Version: < 1.5.13 Version: >= 1.6.0, < 1.6.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:03:40.336Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf", }, { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382", }, { name: "[oss-security] 20220606 CVE-2022-31030: containerd CRI plugin: Host memory exhaustion through ExecSync", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/06/07/1", }, { name: "DSA-5162", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5162", }, { name: "FEDORA-2022-725ac93b48", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/", }, { name: "FEDORA-2022-1da581ac6d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/", }, { name: "GLSA-202401-31", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-31", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "containerd", vendor: "containerd", versions: [ { status: "affected", version: "< 1.5.13", }, { status: "affected", version: ">= 1.6.0, < 1.6.6", }, ], }, ], descriptions: [ { lang: "en", value: "containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an \"exec\" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-31T13:06:25.784592", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf", }, { url: "https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382", }, { name: "[oss-security] 20220606 CVE-2022-31030: containerd CRI plugin: Host memory exhaustion through ExecSync", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/06/07/1", }, { name: "DSA-5162", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5162", }, { name: "FEDORA-2022-725ac93b48", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/", }, { name: "FEDORA-2022-1da581ac6d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/", }, { name: "GLSA-202401-31", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-31", }, ], source: { advisory: "GHSA-5ffw-gxpp-mxpf", discovery: "UNKNOWN", }, title: "containerd CRI plugin: Host memory exhaustion through ExecSync", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-31030", datePublished: "2022-06-06T00:00:00", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-08-03T07:03:40.336Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39325
Vulnerability from cvelistv5
Published
2023-10-11 21:15
Modified
2025-02-13 17:02
Severity ?
EPSS score ?
Summary
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.746Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/63417", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/534215", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/534235", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-2102", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231110-0008/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "net/http", product: "net/http", programRoutines: [ { name: "http2serverConn.serve", }, { name: "http2serverConn.processHeaders", }, { name: "http2serverConn.upgradeRequest", }, { name: "http2serverConn.runHandler", }, { name: "ListenAndServe", }, { name: "ListenAndServeTLS", }, { name: "Serve", }, { name: "ServeTLS", }, { name: "Server.ListenAndServe", }, { name: "Server.ListenAndServeTLS", }, { name: "Server.Serve", }, { name: "Server.ServeTLS", }, { name: "http2Server.ServeConn", }, ], vendor: "Go standard library", versions: [ { lessThan: "1.20.10", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.21.3", status: "affected", version: "1.21.0-0", versionType: "semver", }, ], }, { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "golang.org/x/net/http2", product: "golang.org/x/net/http2", programRoutines: [ { name: "serverConn.serve", }, { name: "serverConn.processHeaders", }, { name: "serverConn.upgradeRequest", }, { name: "serverConn.runHandler", }, { name: "Server.ServeConn", }, ], vendor: "golang.org/x/net", versions: [ { lessThan: "0.17.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-28T04:05:57.980Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/63417", }, { url: "https://go.dev/cl/534215", }, { url: "https://go.dev/cl/534235", }, { url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", }, { url: "https://pkg.go.dev/vuln/GO-2023-2102", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { url: "https://security.netapp.com/advisory/ntap-20231110-0008/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", }, { url: "https://security.gentoo.org/glsa/202311-09", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", }, ], title: "HTTP/2 rapid reset can cause excessive work in net/http", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-39325", datePublished: "2023-10-11T21:15:02.727Z", dateReserved: "2023-07-27T17:05:55.188Z", dateUpdated: "2025-02-13T17:02:50.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.