VDB
RHSA-2023:1448
PUBLISHED
CVSS 5.3 MEDIUM
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8@sha256:5e79124bf500b50aa64d74fe10e0b54063e4b2a5c9cc622ce0e513fa53f78036_s390x |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:f20849d738ee38b5e65710c51ae30f7dd5c5e1386734e2c9d07271ae04f9de7e_ppc64le as a component of RHOSSM 2.3 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64 as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64 |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:403b41d0376cd61ad05941390a24943db7c8f7100f0f77150001bc76b744d1dd_s390x |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:fa18b7ca16b6f6bd03ba6c0fc7c647ded334c1713aeb4dde3e6e19bb153de52d_amd64 as a component of RHOSSM 2.3 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/ratelimit-rhel8@sha256:a98496cb8953923f0afc48ad87d22ff7ab350d96fdeaabbb9b98aefcddc73b33_amd64 as a component of RHOSSM 2.3 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8@sha256:131d2f3c8fc631ddd6953ede3392eac0363a4cc485d1b11caf94c9c5572ed43c_ppc64le |
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/pilot-rhel8@sha256:9b5baf148eb685bb0df69a0df77f1b0586d402cf4f176909ea634e68bfa03437_s390x |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/grafana-rhel8@sha256:1586092c783997486caf507909dfe82c6a73a3e236d78df0698630995654d00e_s390x |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64 as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:de6ccdd5ea9a2562911688db024be0d1d3c118f7d7ada739c11725689a5404ea_amd64 |
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64 as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/pilot-rhel8@sha256:ff9420d2ba85f009dc044d50cdca7fc98fcc0bb4ee435d0099c2f5da0055d1a3_amd64 |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64 as a component of RHOSSM 2.3 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:5c52a4379e5fb1b512e312ed917347fef086c9ac9a80e8c9121a0155f4d6cfff_ppc64le |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:598e956427dff0259d57b886c58bb0b464829c8c034b345ee65ad39d41eeaf41_s390x |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:1794453b96ced9d22eb62b0562ceb3d313966326e1f4c58812d630c96b768a0f_amd64 as a component of RHOSSM 2.3 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/grafana-rhel8@sha256:b630debe0d30be952695b9eabe2ad29f614f90c9973d0c704d45cddf4dc3ad12_ppc64le |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64 as a component of RHOSSM 2.3 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8@sha256:6e1500b69e5e799d70d5e89a25cb5dc92f285f0e05d5a4140a11c4aae2e1872e_amd64 |
…and 28 more
Exploit Intelligence
- Exploit for CVE-2022-41717 (github-poc)
Timeline
- Mar 23, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:1448 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2161274 issue
- https://issues.redhat.com/browse/OSSM-1330 advisory
- https://issues.redhat.com/browse/OSSM-2342 advisory
- https://issues.redhat.com/browse/OSSM-2371 advisory
- https://issues.redhat.com/browse/OSSM-2373 advisory
- https://issues.redhat.com/browse/OSSM-2374 advisory
- https://issues.redhat.com/browse/OSSM-2492 advisory
- https://issues.redhat.com/browse/OSSM-2493 advisory
- https://issues.redhat.com/browse/OSSM-3317 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1448.json advisory
- https://access.redhat.com/security/cve/CVE-2022-41717 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-41717 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41717 advisory
- https://go.dev/cl/455635 advisory
- https://go.dev/cl/455717 advisory
- https://go.dev/issue/56350 advisory
- https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ advisory
- https://pkg.go.dev/vuln/GO-2022-1144 advisory