CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45288 – HTTP/2 CONTINUATION flood in net/http
https://notcve.org/view.php?id=CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. • http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://access.redhat.com/security/ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24785 – Errors returned from JSON marshaling may break template escaping in html/template
https://notcve.org/view.php?id=CVE-2024-24785
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates. Si los errores devueltos por los métodos MarshalJSON contienen datos controlados por el usuario, se pueden usar para romper el comportamiento de escape automático contextual del paquete html/template, permitiendo acciones posteriores para inyectar contenido inesperado en las plantillas. A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates. • http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2610 https://security.netapp.com/advisory/ntap-20240329-0008 https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24784 – Comments in display names are incorrectly handled in net/mail
https://notcve.org/view.php?id=CVE-2024-24784
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. La función ParseAddressList controla incorrectamente los comentarios (texto entre paréntesis) dentro de los nombres para mostrar. Dado que se trata de una desalineación con los analizadores de direcciones conformes, puede dar lugar a que los programas que utilizan diferentes analizadores tomen diferentes decisiones de confianza. A flaw was found in Go's net/mail standard library package. • http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/555596 https://go.dev/issue/65083 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2609 https://security.netapp.com/advisory/ntap-20240329-0007 https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 • CWE-115: Misinterpretation of Input •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45289 – Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http
https://notcve.org/view.php?id=CVE-2023-45289
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. Al seguir una redirección HTTP a un dominio que no es una coincidencia de subdominio o una coincidencia exacta del dominio inicial, un cliente http.no reenvía encabezados confidenciales como "Autorización" o "Cookie". Por ejemplo, una redirección de foo.com a www.foo.com reenviará el encabezado de Autorización, pero una redirección a bar.com no. • http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569340 https://go.dev/issue/65065 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2600 https://security.netapp.com/advisory/ntap-20240329-0006 https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45290 – Memory exhaustion in multipart form parsing in net/textproto and net/http
https://notcve.org/view.php?id=CVE-2023-45290
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. Al analizar un formulario de varias partes (ya sea explícitamente con Request.ParseMultipartForm o implícitamente con Request.FormValue, Request.PostFormValue o Request.FormFile), no se aplicaron límites en el tamaño total del formulario analizado a la memoria consumida al leer un solo formulario línea. Esto permite que una entrada creada con fines malintencionados que contenga líneas muy largas provoque la asignación de cantidades de memoria arbitrariamente grandes, lo que podría provocar un agotamiento de la memoria. • http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 • CWE-20: Improper Input Validation •