VDB
RHSA-2023%3A0769
RHSA-2023%3A0769
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-cluster-network-operator@sha256:588ac55464f3db25117a8ed20a793ec3c76992aab7573c1c3fbaa9fc8c5d5b4f_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-network-operator@sha256:588ac55464f3db25117a8ed20a793ec3c76992aab7573c1c3fbaa9fc8c5d5b4f_ppc64le |
| Red Hat | openshift4/ose-csi-driver-manila-rhel8-operator@sha256:1ca0a575d371e8a1e5ed6f907063f204e14cfc340ded15d31858dc921608a2d8_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-driver-manila-rhel8-operator@sha256:1ca0a575d371e8a1e5ed6f907063f204e14cfc340ded15d31858dc921608a2d8_amd64 |
| Red Hat | openshift4/ose-hypershift-rhel8@sha256:5f9dd763425e75cfea871a0ff106b3eedf78e12b40d23624006df5cbd12659cc_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-hypershift-rhel8@sha256:5f9dd763425e75cfea871a0ff106b3eedf78e12b40d23624006df5cbd12659cc_s390x |
| Red Hat | openshift4/network-tools-rhel8@sha256:a8642b799958817ab8d71f152c44e1521510a1967ff4a50ea426d35e5db4a4a0_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/network-tools-rhel8@sha256:a8642b799958817ab8d71f152c44e1521510a1967ff4a50ea426d35e5db4a4a0_amd64 |
| Red Hat | openshift4/ose-hypershift-rhel8@sha256:2c0de48d3b4b3bafa1bce456b60086e3cdf65c1f7f1e3ea46c2cf052201ff3de_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-hypershift-rhel8@sha256:2c0de48d3b4b3bafa1bce456b60086e3cdf65c1f7f1e3ea46c2cf052201ff3de_amd64 |
| Red Hat | openshift4/ose-machine-config-operator@sha256:33b9e1b6e5c77f3e083119aa70ed79556540eb896e3b1f4f07792f213e06286a_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-machine-config-operator@sha256:33b9e1b6e5c77f3e083119aa70ed79556540eb896e3b1f4f07792f213e06286a_amd64 |
| Red Hat | openshift4/ose-machine-api-provider-openstack-rhel8@sha256:df8b87b869bbb65088edc7206dbee60db464a66eb67063dd62718b67a7a0e143_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-tests@sha256:9b8c78ff47a24fa7028c495094defef1439867071f0828c4f32e5c0d9f4b7511_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-tests@sha256:9b8c78ff47a24fa7028c495094defef1439867071f0828c4f32e5c0d9f4b7511_arm64 |
| Red Hat | openshift4/ose-machine-api-provider-openstack-rhel8@sha256:d07da0829c513f23fb19e731b7d3885c7a199003e026d0a921ddc5acc16e5bd0_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-machine-api-provider-openstack-rhel8@sha256:d07da0829c513f23fb19e731b7d3885c7a199003e026d0a921ddc5acc16e5bd0_ppc64le |
| Red Hat | openshift4/ose-csi-driver-manila-rhel8-operator@sha256:a9779ba505bfd7075fd0ca4a7317e72806d21b70cb83112572750d67aef1c2e0_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-driver-manila-rhel8-operator@sha256:a9779ba505bfd7075fd0ca4a7317e72806d21b70cb83112572750d67aef1c2e0_ppc64le |
| Red Hat | openshift4/ose-hypershift-rhel8@sha256:38d60e7ca124f74a61179c68f46f9adde20ee785bfaf531043fc8c642b8995ec_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-hypershift-rhel8@sha256:38d60e7ca124f74a61179c68f46f9adde20ee785bfaf531043fc8c642b8995ec_arm64 |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:c101097695848c91c6cd262c285f2bcaf7cd3e2c00c7f5fee7611cb4d2c63a39_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-installer-artifacts@sha256:45d2bbd6d99d2fcbba28efaf63583779db1762449a3d8fc8356f99321c187931_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-installer-artifacts@sha256:45d2bbd6d99d2fcbba28efaf63583779db1762449a3d8fc8356f99321c187931_arm64 |
| Red Hat | openshift4/ose-sdn-rhel8@sha256:1e54ac8b8ddd12e9ba23d0ca8a68aac7b2b23f55032ec84c31af81fb8cfae3f2_s390x as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-tests@sha256:217c543cbc2e5db80024697f15041a1a4f1cdf078d702d67ddace16f154e6017_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-tests@sha256:217c543cbc2e5db80024697f15041a1a4f1cdf078d702d67ddace16f154e6017_s390x |
| Red Hat | openshift4/ose-machine-os-images-rhel8@sha256:90173de5e4060e575239c0069579ff04727577c2a6b57cd1ce2b80a0755aff7a_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-machine-os-images-rhel8@sha256:90173de5e4060e575239c0069579ff04727577c2a6b57cd1ce2b80a0755aff7a_ppc64le |
| Red Hat | openshift4/ose-machine-os-images-rhel8@sha256:2efb8fda6fa1a7900187dc2ac54aecbc39f3be455f6e773e9eb9b7ace75bb52f_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-machine-os-images-rhel8@sha256:2efb8fda6fa1a7900187dc2ac54aecbc39f3be455f6e773e9eb9b7ace75bb52f_amd64 |
| Red Hat | openshift4/ose-tests@sha256:67e1b3cd0b3f677be60cb13179246c92f06827ac636050962b1292fdd14a01e5_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-tests@sha256:67e1b3cd0b3f677be60cb13179246c92f06827ac636050962b1292fdd14a01e5_amd64 |
| Red Hat | openshift4/ose-csi-driver-manila-rhel8-operator@sha256:1ca0a575d371e8a1e5ed6f907063f204e14cfc340ded15d31858dc921608a2d8_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-kube-proxy@sha256:c319347b053ef3e4b92eded60480d7325512b0aec9ac5e10baffd9e2cb4b7da0_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-kube-proxy@sha256:c319347b053ef3e4b92eded60480d7325512b0aec9ac5e10baffd9e2cb4b7da0_amd64 |
…and 124 more
Timeline
- Feb 20, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:0769 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2091214 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2161274 issue
- https://issues.redhat.com/browse/OCPBUGS-4778 advisory
- https://issues.redhat.com/browse/OCPBUGS-6260 advisory
- https://issues.redhat.com/browse/OCPBUGS-6637 advisory
- https://issues.redhat.com/browse/OCPBUGS-6779 advisory
- https://issues.redhat.com/browse/OCPBUGS-6788 advisory
- https://issues.redhat.com/browse/OCPBUGS-6807 advisory
- https://issues.redhat.com/browse/OCPBUGS-6973 advisory
- https://issues.redhat.com/browse/OCPBUGS-7044 advisory
- https://issues.redhat.com/browse/OCPBUGS-7208 advisory
- https://issues.redhat.com/browse/OCPBUGS-7227 advisory
- https://issues.redhat.com/browse/OCPBUGS-7230 advisory
- https://issues.redhat.com/browse/OCPBUGS-7285 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0769.json advisory
- https://access.redhat.com/security/cve/CVE-2022-41717 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-41717 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41717 advisory
…and 5 more