CVE-2022-41723

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-41723

Severity

7.5

High

CVSS CVSS_V3

Description

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

References

https://images.chainguard.dev/security/CGA-894f-f35h-v64j
https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
https://images.chainguard.dev/security/CGA-257w-7x5j-2xv6
https://images.chainguard.dev/security/CGA-hfmw-v39x-ghj8
https://images.chainguard.dev/security/CGA-fp2f-qggv-8c3m
https://images.chainguard.dev/security/CGA-qv4v-h6rw-2h27
https://images.chainguard.dev/security/CGA-x99q-68qp-jjqx
https://images.chainguard.dev/security/CGA-c962-6g5w-ff66
https://images.chainguard.dev/security/CGA-4j75-h46h-3v66
https://images.chainguard.dev/security/CGA-83rg-2w7v-r57p
https://images.chainguard.dev/security/CGA-v2m3-3m4p-rr98
https://images.chainguard.dev/security/CGA-684j-gpfg-g2gc
https://images.chainguard.dev/security/CGA-4fj9-r39p-xwg7
https://images.chainguard.dev/security/CGA-35q8-6f99-cv2q
https://images.chainguard.dev/security/CGA-2xvm-52m6-3g7x
https://images.chainguard.dev/security/CGA-fxmp-f2c7-xgg5
https://images.chainguard.dev/security/CGA-7wrx-wmfg-5cp8
https://images.chainguard.dev/security/CGA-4f7c-h9w2-cwvc
https://images.chainguard.dev/security/CGA-g3v4-fwfm-x54v
https://images.chainguard.dev/security/CGA-7v49-j888-wgcp
https://images.chainguard.dev/security/CGA-rq2p-h59j-r78g
https://images.chainguard.dev/security/CGA-v2f5-w32c-5qx5
https://images.chainguard.dev/security/CGA-cr6q-4759-qqpw
https://images.chainguard.dev/security/CGA-hjxg-fwfx-qj8f
https://images.chainguard.dev/security/CGA-f6rr-p9mr-hj4h
https://images.chainguard.dev/security/CGA-wvrf-c4p7-vg52
https://images.chainguard.dev/security/CGA-7g3h-hc9h-8q9q
https://images.chainguard.dev/security/CGA-vq98-cmvp-wwhv
https://images.chainguard.dev/security/CGA-67p2-r8wq-qjv2
https://images.chainguard.dev/security/CGA-hvp9-c5xq-jw43
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/
https://pkg.go.dev/vuln/GO-2023-1571
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20230331-0010/
https://go.dev/cl/468135
https://go.dev/cl/468295
https://go.dev/issue/57855
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/
https://www.couchbase.com/alerts/
https://security-tracker.debian.org/tracker/CVE-2022-41723

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2022-41723

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources