Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for astra_trident by netapp

    CVE-2023-39325 (GCVE-0-2023-39325)

    Vulnerability from nvd – Published: 2023-10-11 21:15 – Updated: 2025-02-13 17:02
    VLAI
    Title
    HTTP/2 rapid reset can cause excessive work in net/http
    Summary
    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    References
    URL Tags
    https://go.dev/issue/63417
    https://go.dev/cl/534215
    https://go.dev/cl/534235
    https://groups.google.com/g/golang-announce/c/iNN…
    https://pkg.go.dev/vuln/GO-2023-2102
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://security.netapp.com/advisory/ntap-2023111…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://security.gentoo.org/glsa/202311-09
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    Impacted products
    Vendor Product Version
    Go standard library net/http Affected: 0 , < 1.20.10 (semver)
    Affected: 1.21.0-0 , < 1.21.3 (semver)
    Create a notification for this product.
    golang.org/x/net golang.org/x/net/http2 Affected: 0 , < 0.17.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/63417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/534215"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/534235"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2102"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "net/http",
              "product": "net/http",
              "programRoutines": [
                {
                  "name": "http2serverConn.serve"
                },
                {
                  "name": "http2serverConn.processHeaders"
                },
                {
                  "name": "http2serverConn.upgradeRequest"
                },
                {
                  "name": "http2serverConn.runHandler"
                },
                {
                  "name": "ListenAndServe"
                },
                {
                  "name": "ListenAndServeTLS"
                },
                {
                  "name": "Serve"
                },
                {
                  "name": "ServeTLS"
                },
                {
                  "name": "Server.ListenAndServe"
                },
                {
                  "name": "Server.ListenAndServeTLS"
                },
                {
                  "name": "Server.Serve"
                },
                {
                  "name": "Server.ServeTLS"
                },
                {
                  "name": "http2Server.ServeConn"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.21.3",
                  "status": "affected",
                  "version": "1.21.0-0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "golang.org/x/net/http2",
              "product": "golang.org/x/net/http2",
              "programRoutines": [
                {
                  "name": "serverConn.serve"
                },
                {
                  "name": "serverConn.processHeaders"
                },
                {
                  "name": "serverConn.upgradeRequest"
                },
                {
                  "name": "serverConn.runHandler"
                },
                {
                  "name": "Server.ServeConn"
                }
              ],
              "vendor": "golang.org/x/net",
              "versions": [
                {
                  "lessThan": "0.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-28T04:05:57.980Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/63417"
            },
            {
              "url": "https://go.dev/cl/534215"
            },
            {
              "url": "https://go.dev/cl/534235"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2102"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
            }
          ],
          "title": "HTTP/2 rapid reset can cause excessive work in net/http"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-39325",
        "datePublished": "2023-10-11T21:15:02.727Z",
        "dateReserved": "2023-07-27T17:05:55.188Z",
        "dateUpdated": "2025-02-13T17:02:50.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28948 (GCVE-0-2022-28948)

    Vulnerability from nvd – Published: 2022-05-19 19:59 – Updated: 2024-08-03 06:10
    VLAI
    Summary
    An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:10:57.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/go-yaml/yaml/issues/666"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220923-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-23T14:06:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/go-yaml/yaml/issues/666"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220923-0006/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-28948",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/go-yaml/yaml/issues/666",
                  "refsource": "MISC",
                  "url": "https://github.com/go-yaml/yaml/issues/666"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220923-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220923-0006/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28948",
        "datePublished": "2022-05-19T19:59:30.000Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:10:57.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24921 (GCVE-0-2022-24921)

    Vulnerability from nvd – Published: 2022-03-05 00:00 – Updated: 2024-08-03 04:29
    VLAI
    Summary
    regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:29:01.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0010/"
              },
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
              },
              {
                "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-19T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220325-0010/"
            },
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
            },
            {
              "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-24921",
        "datePublished": "2022-03-05T00:00:00.000Z",
        "dateReserved": "2022-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:29:01.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39325 (GCVE-0-2023-39325)

    Vulnerability from cvelistv5 – Published: 2023-10-11 21:15 – Updated: 2025-02-13 17:02
    VLAI
    Title
    HTTP/2 rapid reset can cause excessive work in net/http
    Summary
    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    References
    URL Tags
    https://go.dev/issue/63417
    https://go.dev/cl/534215
    https://go.dev/cl/534235
    https://groups.google.com/g/golang-announce/c/iNN…
    https://pkg.go.dev/vuln/GO-2023-2102
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://security.netapp.com/advisory/ntap-2023111…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://security.gentoo.org/glsa/202311-09
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    Impacted products
    Vendor Product Version
    Go standard library net/http Affected: 0 , < 1.20.10 (semver)
    Affected: 1.21.0-0 , < 1.21.3 (semver)
    Create a notification for this product.
    golang.org/x/net golang.org/x/net/http2 Affected: 0 , < 0.17.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/63417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/534215"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/534235"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2102"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "net/http",
              "product": "net/http",
              "programRoutines": [
                {
                  "name": "http2serverConn.serve"
                },
                {
                  "name": "http2serverConn.processHeaders"
                },
                {
                  "name": "http2serverConn.upgradeRequest"
                },
                {
                  "name": "http2serverConn.runHandler"
                },
                {
                  "name": "ListenAndServe"
                },
                {
                  "name": "ListenAndServeTLS"
                },
                {
                  "name": "Serve"
                },
                {
                  "name": "ServeTLS"
                },
                {
                  "name": "Server.ListenAndServe"
                },
                {
                  "name": "Server.ListenAndServeTLS"
                },
                {
                  "name": "Server.Serve"
                },
                {
                  "name": "Server.ServeTLS"
                },
                {
                  "name": "http2Server.ServeConn"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.21.3",
                  "status": "affected",
                  "version": "1.21.0-0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "golang.org/x/net/http2",
              "product": "golang.org/x/net/http2",
              "programRoutines": [
                {
                  "name": "serverConn.serve"
                },
                {
                  "name": "serverConn.processHeaders"
                },
                {
                  "name": "serverConn.upgradeRequest"
                },
                {
                  "name": "serverConn.runHandler"
                },
                {
                  "name": "Server.ServeConn"
                }
              ],
              "vendor": "golang.org/x/net",
              "versions": [
                {
                  "lessThan": "0.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-28T04:05:57.980Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/63417"
            },
            {
              "url": "https://go.dev/cl/534215"
            },
            {
              "url": "https://go.dev/cl/534235"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2102"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
            }
          ],
          "title": "HTTP/2 rapid reset can cause excessive work in net/http"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-39325",
        "datePublished": "2023-10-11T21:15:02.727Z",
        "dateReserved": "2023-07-27T17:05:55.188Z",
        "dateUpdated": "2025-02-13T17:02:50.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28948 (GCVE-0-2022-28948)

    Vulnerability from cvelistv5 – Published: 2022-05-19 19:59 – Updated: 2024-08-03 06:10
    VLAI
    Summary
    An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:10:57.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/go-yaml/yaml/issues/666"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220923-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-23T14:06:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/go-yaml/yaml/issues/666"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220923-0006/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-28948",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/go-yaml/yaml/issues/666",
                  "refsource": "MISC",
                  "url": "https://github.com/go-yaml/yaml/issues/666"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220923-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220923-0006/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28948",
        "datePublished": "2022-05-19T19:59:30.000Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:10:57.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24921 (GCVE-0-2022-24921)

    Vulnerability from cvelistv5 – Published: 2022-03-05 00:00 – Updated: 2024-08-03 04:29
    VLAI
    Summary
    regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:29:01.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0010/"
              },
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
              },
              {
                "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-19T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220325-0010/"
            },
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
            },
            {
              "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-24921",
        "datePublished": "2022-03-05T00:00:00.000Z",
        "dateReserved": "2022-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:29:01.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }