CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-41724 – Panic on large handshake records in crypto/tls
https://notcve.org/view.php?id=CVE-2022-41724
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. • https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.gentoo.org/glsa/202311-09 https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-41725 – Excessive resource consumption in mime/multipart
https://notcve.org/view.php?id=CVE-2022-41725
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. • https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.gentoo.org/glsa/202311-09 https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41722 – Path traversal on Windows in path/filepath
https://notcve.org/view.php?id=CVE-2022-41722
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ". • https://go.dev/cl/468123 https://go.dev/issue/57274 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1568 https://access.redhat.com/security/cve/CVE-2022-41722 https://bugzilla.redhat.com/show_bug.cgi?id=2203008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41721 – Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
https://notcve.org/view.php?id=CVE-2022-41721
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests. A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. • https://go.dev/cl/447396 https://go.dev/issue/56352 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP https://pkg.go.dev/vuln/GO-2023-1495 https://access.redhat.com/security/cve/CVE-2022-41721 https://bugzilla.redhat.com/show_bug.cgi?id=2162182 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-41717 – Excessive memory growth in net/http and golang.org/x/net/http2
https://notcve.org/view.php?id=CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. Un atacante puede provocar un crecimiento excesivo de la memoria en un servidor Go que acepta solicitudes HTTP/2. Las conexiones del servidor HTTP/2 contienen un caché de claves de encabezado HTTP enviadas por el cliente. • https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4 https • CWE-770: Allocation of Resources Without Limits or Throttling •