CVE-2024-24791 – Denial of service due to improper 100-continue handling in net/http
https://notcve.org/view.php?id=CVE-2024-24791
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. El cliente net/http HTTP/1.1 manejó mal el caso en el que un servidor responde a una solicitud con un encabezado "Expect: 100-continue" con un estado no informativo (200 o superior). • https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://pkg.go.dev/vuln/GO-2024-2963 https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 • CWE-20: Improper Input Validation •
CVE-2024-24788 – Malformed DNS message can cause infinite loop in net
https://notcve.org/view.php?id=CVE-2024-24788
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. Un mensaje DNS con formato incorrecto en respuesta a una consulta puede hacer que las funciones de búsqueda se atasquen en un bucle infinito. A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions. • http://www.openwall.com/lists/oss-security/2024/05/08/3 https://go.dev/cl/578375 https://go.dev/issue/66754 https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 https://pkg.go.dev/vuln/GO-2024-2824 https://security.netapp.com/advisory/ntap-20240605-0002 https://security.netapp.com/advisory/ntap-20240614-0001 https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2023-45288 – HTTP/2 CONTINUATION flood in net/http
https://notcve.org/view.php?id=CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. • http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://access.redhat.com/security/ • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-24784 – Comments in display names are incorrectly handled in net/mail
https://notcve.org/view.php?id=CVE-2024-24784
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. La función ParseAddressList controla incorrectamente los comentarios (texto entre paréntesis) dentro de los nombres para mostrar. Dado que se trata de una desalineación con los analizadores de direcciones conformes, puede dar lugar a que los programas que utilizan diferentes analizadores tomen diferentes decisiones de confianza. A flaw was found in Go's net/mail standard library package. • http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/555596 https://go.dev/issue/65083 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2609 https://security.netapp.com/advisory/ntap-20240329-0007 https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 • CWE-115: Misinterpretation of Input •
CVE-2023-45289 – Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http
https://notcve.org/view.php?id=CVE-2023-45289
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. Al seguir una redirección HTTP a un dominio que no es una coincidencia de subdominio o una coincidencia exacta del dominio inicial, un cliente http.no reenvía encabezados confidenciales como "Autorización" o "Cookie". Por ejemplo, una redirección de foo.com a www.foo.com reenviará el encabezado de Autorización, pero una redirección a bar.com no. • http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569340 https://go.dev/issue/65065 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2600 https://security.netapp.com/advisory/ntap-20240329-0006 https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •