{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-41723","assignerOrgId":"1bb62c36-49e3-4200-9d77-64a1400537cc","state":"PUBLISHED","assignerShortName":"Go","dateReserved":"2022-09-28T17:00:06.610Z","datePublished":"2023-02-28T17:19:45.801Z","dateUpdated":"2025-05-05T16:12:28.159Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bb62c36-49e3-4200-9d77-64a1400537cc","shortName":"Go","dateUpdated":"2023-11-25T11:09:48.448Z"},"title":"Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net","descriptions":[{"lang":"en","value":"A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests."}],"affected":[{"vendor":"Go standard library","product":"net/http","collectionURL":"https://pkg.go.dev","packageName":"net/http","versions":[{"version":"0","lessThan":"1.19.6","status":"affected","versionType":"semver"},{"version":"1.20.0-0","lessThan":"1.20.1","status":"affected","versionType":"semver"}],"programRoutines":[{"name":"Transport.RoundTrip"},{"name":"Server.Serve"},{"name":"Client.Do"},{"name":"Client.Get"},{"name":"Client.Head"},{"name":"Client.Post"},{"name":"Client.PostForm"},{"name":"Get"},{"name":"Head"},{"name":"ListenAndServe"},{"name":"ListenAndServeTLS"},{"name":"Post"},{"name":"PostForm"},{"name":"Serve"},{"name":"ServeTLS"},{"name":"Server.ListenAndServe"},{"name":"Server.ListenAndServeTLS"},{"name":"Server.ServeTLS"}],"defaultStatus":"unaffected"},{"vendor":"golang.org/x/net","product":"golang.org/x/net/http2","collectionURL":"https://pkg.go.dev","packageName":"golang.org/x/net/http2","versions":[{"version":"0","lessThan":"0.7.0","status":"affected","versionType":"semver"}],"programRoutines":[{"name":"Transport.RoundTrip"},{"name":"Server.ServeConn"},{"name":"ClientConn.Close"},{"name":"ClientConn.Ping"},{"name":"ClientConn.RoundTrip"},{"name":"ClientConn.Shutdown"},{"name":"ConfigureServer"},{"name":"ConfigureTransport"},{"name":"ConfigureTransports"},{"name":"ConnectionError.Error"},{"name":"ErrCode.String"},{"name":"FrameHeader.String"},{"name":"FrameType.String"},{"name":"FrameWriteRequest.String"},{"name":"Framer.ReadFrame"},{"name":"Framer.WriteContinuation"},{"name":"Framer.WriteData"},{"name":"Framer.WriteDataPadded"},{"name":"Framer.WriteGoAway"},{"name":"Framer.WriteHeaders"},{"name":"Framer.WritePing"},{"name":"Framer.WritePriority"},{"name":"Framer.WritePushPromise"},{"name":"Framer.WriteRSTStream"},{"name":"Framer.WriteRawFrame"},{"name":"Framer.WriteSettings"},{"name":"Framer.WriteSettingsAck"},{"name":"Framer.WriteWindowUpdate"},{"name":"GoAwayError.Error"},{"name":"ReadFrameHeader"},{"name":"Setting.String"},{"name":"SettingID.String"},{"name":"SettingsFrame.ForeachSetting"},{"name":"StreamError.Error"},{"name":"Transport.CloseIdleConnections"},{"name":"Transport.NewClientConn"},{"name":"Transport.RoundTripOpt"},{"name":"bufferedWriter.Flush"},{"name":"bufferedWriter.Write"},{"name":"chunkWriter.Write"},{"name":"clientConnPool.GetClientConn"},{"name":"connError.Error"},{"name":"dataBuffer.Read"},{"name":"duplicatePseudoHeaderError.Error"},{"name":"gzipReader.Close"},{"name":"gzipReader.Read"},{"name":"headerFieldNameError.Error"},{"name":"headerFieldValueError.Error"},{"name":"noDialClientConnPool.GetClientConn"},{"name":"noDialH2RoundTripper.RoundTrip"},{"name":"pipe.Read"},{"name":"priorityWriteScheduler.CloseStream"},{"name":"priorityWriteScheduler.OpenStream"},{"name":"pseudoHeaderError.Error"},{"name":"requestBody.Close"},{"name":"requestBody.Read"},{"name":"responseWriter.Flush"},{"name":"responseWriter.FlushError"},{"name":"responseWriter.Push"},{"name":"responseWriter.SetReadDeadline"},{"name":"responseWriter.SetWriteDeadline"},{"name":"responseWriter.Write"},{"name":"responseWriter.WriteHeader"},{"name":"responseWriter.WriteString"},{"name":"serverConn.CloseConn"},{"name":"serverConn.Flush"},{"name":"stickyErrWriter.Write"},{"name":"transportResponseBody.Close"},{"name":"transportResponseBody.Read"},{"name":"writeData.String"}],"defaultStatus":"unaffected"},{"vendor":"golang.org/x/net","product":"golang.org/x/net/http2/hpack","collectionURL":"https://pkg.go.dev","packageName":"golang.org/x/net/http2/hpack","versions":[{"version":"0","lessThan":"0.7.0","status":"affected","versionType":"semver"}],"programRoutines":[{"name":"Decoder.parseFieldLiteral"},{"name":"Decoder.readString"},{"name":"Decoder.DecodeFull"},{"name":"Decoder.Write"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE 400: Uncontrolled Resource Consumption"}]}],"references":[{"url":"https://go.dev/issue/57855"},{"url":"https://go.dev/cl/468135"},{"url":"https://go.dev/cl/468295"},{"url":"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"},{"url":"https://pkg.go.dev/vuln/GO-2023-1571"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"},{"url":"https://www.couchbase.com/alerts/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"},{"url":"https://security.gentoo.org/glsa/202311-09"}],"credits":[{"lang":"en","value":"Philippe Antoine (Catena cyber)"}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://security.netapp.com/advisory/ntap-20230331-0010/"},{"url":"https://go.dev/issue/57855","tags":["x_transferred"]},{"url":"https://go.dev/cl/468135","tags":["x_transferred"]},{"url":"https://go.dev/cl/468295","tags":["x_transferred"]},{"url":"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E","tags":["x_transferred"]},{"url":"https://pkg.go.dev/vuln/GO-2023-1571","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/","tags":["x_transferred"]},{"url":"https://www.couchbase.com/alerts/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/","tags":["x_transferred"]},{"url":"https://security.gentoo.org/glsa/202311-09","tags":["x_transferred"]}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T12:49:43.617Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"NVD-CWE-Other"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-23T13:26:37.352634Z","id":"CVE-2022-41723","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-05T16:12:28.159Z"}}]}}