VDB
RHSA-2022%3A0587
RHSA-2022%3A0587
PUBLISHED
CVSS 7.5 HIGH
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | stf/sg-core-rhel8@sha256:f1587eb3ef058462e39cff35f5dc8b81e741b087de00ce2f04ff3d6ee2672355_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | stf/sg-core-rhel8@sha256:f1587eb3ef058462e39cff35f5dc8b81e741b087de00ce2f04ff3d6ee2672355_amd64 |
Timeline
- Feb 21, 2022 CVE Published
- Mar 27, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:0587 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2016460 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2030801 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0587.json advisory
- https://access.redhat.com/security/cve/CVE-2021-44716 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-44716 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-44716 advisory
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k advisory