VDB
RHSA-2023%3A0931
RHSA-2023%3A0931
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/opa-openshift-rhel8@sha256:82a26a71a6b384cbd8adf6186a3b2206623e22a7d33c1f3167f986ac9d916db6_amd64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/opa-openshift-rhel8@sha256:82a26a71a6b384cbd8adf6186a3b2206623e22a7d33c1f3167f986ac9d916db6_amd64 |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:c0b4072faad5afe90383b2a3d29a97579d69875ce5e6e2ea02d4cf900a05d9c8_s390x as a component of RHOL 5.4 for RHEL 8 | * |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:6b7d01c21ab3829e39ad2feb1d7f00557dc2b5445b3db0dd2efc240456f53307_amd64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/elasticsearch-rhel8-operator@sha256:6b7d01c21ab3829e39ad2feb1d7f00557dc2b5445b3db0dd2efc240456f53307_amd64 |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:64303daef8972539e596feccfb1fdd186e350083adcab0818b688217ad8d7a44_s390x as a component of RHOL 5.4 for RHEL 8 | openshift-logging/eventrouter-rhel8@sha256:64303daef8972539e596feccfb1fdd186e350083adcab0818b688217ad8d7a44_s390x |
| Red Hat | openshift-logging/lokistack-gateway-rhel8@sha256:968cf7bddb72ebcf5d34d0be94c6e9c06ea3b24adc8ee714d9eae72afe0ccceb_ppc64le as a component of RHOL 5.4 for RHEL 8 | openshift-logging/lokistack-gateway-rhel8@sha256:968cf7bddb72ebcf5d34d0be94c6e9c06ea3b24adc8ee714d9eae72afe0ccceb_ppc64le |
| Red Hat | openshift-logging/logging-loki-rhel8@sha256:dbe59a42235378fb3acdcfd920f527bf9dde3bceee12679983d9a8c672d3086b_ppc64le as a component of RHOL 5.4 for RHEL 8 | * |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:8b28ce44f52ceb5a685d1a3a4318f28747b51fe97be760b14f67ad8a67037c9b_amd64 as a component of RHOL 5.4 for RHEL 8 | * |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:71d1a448a50a62831512fb80d803ad8134571af56595d545934e1d0dade4bfd2_amd64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/logging-curator5-rhel8@sha256:71d1a448a50a62831512fb80d803ad8134571af56595d545934e1d0dade4bfd2_amd64 |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:d0adfb36cee7c3b1881461797dcf20c45cd7c961a98cab25da17cf79b1254183_amd64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/kibana6-rhel8@sha256:d0adfb36cee7c3b1881461797dcf20c45cd7c961a98cab25da17cf79b1254183_amd64 |
| Red Hat | openshift-logging/lokistack-gateway-rhel8@sha256:addc0296dbf47afb5cb6c2e23687ed22f767861ce8c48fabda5c0d3ed61474e7_amd64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/lokistack-gateway-rhel8@sha256:addc0296dbf47afb5cb6c2e23687ed22f767861ce8c48fabda5c0d3ed61474e7_amd64 |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:b2519f1258c8dcfc1e843f5c19dee7c2e7ba96dbfca172387e66d21724235d35_s390x as a component of RHOL 5.4 for RHEL 8 | openshift-logging/logging-curator5-rhel8@sha256:b2519f1258c8dcfc1e843f5c19dee7c2e7ba96dbfca172387e66d21724235d35_s390x |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:6b7d01c21ab3829e39ad2feb1d7f00557dc2b5445b3db0dd2efc240456f53307_amd64 as a component of RHOL 5.4 for RHEL 8 | * |
| Red Hat | openshift-logging/logging-loki-rhel8@sha256:2b62a606e6abce2601fead1d9af312f661424f2009ec466919f5c724ae6b31c9_amd64 as a component of RHOL 5.4 for RHEL 8 | * |
| Red Hat | openshift-logging/vector-rhel8@sha256:b68a233e71b7b5b554718d097b66367a437a1373f18225379a30aabc043bb5aa_ppc64le as a component of RHOL 5.4 for RHEL 8 | * |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel8@sha256:812450e04a798d5d3cc1af2e09cc8a46adda76a3424f1cc43655f5c7ef00ede4_amd64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/log-file-metric-exporter-rhel8@sha256:812450e04a798d5d3cc1af2e09cc8a46adda76a3424f1cc43655f5c7ef00ede4_amd64 |
| Red Hat | openshift-logging/loki-operator-bundle@sha256:154c903aec585af0d3ba39858cc92c610df9ec4e3801cb983dcb9e2d94fccc91_amd64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/loki-operator-bundle@sha256:154c903aec585af0d3ba39858cc92c610df9ec4e3801cb983dcb9e2d94fccc91_amd64 |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:2f125868f2726592f422a57d51e7cf976ea9bf9610ea02ae0271c0a2cde0e7f5_arm64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/elasticsearch-rhel8-operator@sha256:2f125868f2726592f422a57d51e7cf976ea9bf9610ea02ae0271c0a2cde0e7f5_arm64 |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:9fa0aee38d99df9da31e725141c25a32a2ceb7ae8777fe0247a477bdae22e2c2_ppc64le as a component of RHOL 5.4 for RHEL 8 | openshift-logging/kibana6-rhel8@sha256:9fa0aee38d99df9da31e725141c25a32a2ceb7ae8777fe0247a477bdae22e2c2_ppc64le |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel8@sha256:31863084d97df4186b8d28a7cace89b7eece7287f60c2a41b587c1f155342c21_ppc64le as a component of RHOL 5.4 for RHEL 8 | * |
| Red Hat | openshift-logging/vector-rhel8@sha256:ccd4d0f15754c251ca089157c06d41864021a1c9f2270a05c2483851b0f13a39_arm64 as a component of RHOL 5.4 for RHEL 8 | openshift-logging/vector-rhel8@sha256:ccd4d0f15754c251ca089157c06d41864021a1c9f2270a05c2483851b0f13a39_arm64 |
…and 98 more
Timeline
- Mar 8, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:0931 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2161274 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0931.json advisory
- https://access.redhat.com/security/cve/CVE-2022-41717 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-41717 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41717 advisory
- https://go.dev/cl/455635 advisory
- https://go.dev/cl/455717 advisory
- https://go.dev/issue/56350 advisory
- https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ advisory
- https://pkg.go.dev/vuln/GO-2022-1144 advisory