VDB
RHSA-2023%3A3918
RHSA-2023%3A3918
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64 as a component of 8Base-OADP-1.1 | *, *, * |
| Red Hat | oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64 as a component of 8Base-OADP-1.1 | *, *, oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64 |
| Red Hat | oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64, *, oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64 |
| Red Hat | oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le, *, * |
| Red Hat | oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x as a component of 8Base-OADP-1.1 | *, *, oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x |
| Red Hat | oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x as a component of 8Base-OADP-1.1 | *, *, * |
| Red Hat | oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le as a component of 8Base-OADP-1.1 | *, *, oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le |
| Red Hat | oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x as a component of 8Base-OADP-1.1 | *, oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x, oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x |
| Red Hat | oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64, *, oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64 |
| Red Hat | oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x, oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x, oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x |
| Red Hat | oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64 as a component of 8Base-OADP-1.1 | *, oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64, oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64 |
| Red Hat | oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64, oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64, oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64 |
| Red Hat | oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64, oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64, oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64 |
| Red Hat | oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x, oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x, oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x |
| Red Hat | oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x as a component of 8Base-OADP-1.1 | oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x, oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x, oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x |
| Red Hat | oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64, oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64, oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64 |
| Red Hat | oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64, *, oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64 |
| Red Hat | oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x as a component of 8Base-OADP-1.1 | oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x, oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x, oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x |
| Red Hat | oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le, oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le, oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le |
| golang | go |
…and 53 more
Timeline
- Jun 29, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:3918 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2178358 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2184481 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2184482 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2184483 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2184484 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2196026 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2196027 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2196029 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3918.json advisory
- https://access.redhat.com/security/cve/CVE-2022-41723 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-41723 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41723 advisory
- https://github.com/advisories/GHSA-vvpx-j8f3-3w6h advisory
- https://go.dev/cl/468135 advisory
- https://go.dev/cl/468295 advisory
- https://go.dev/issue/57855 advisory
- https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E advisory
- https://pkg.go.dev/vuln/GO-2023-1571 advisory
…and 31 more