x/vulndb: potential Go vuln in golang.org/x/net: GHSA-vvpx-j8f3-3w6h #1580

GoVulnBot · 2023-02-17T14:01:23Z

In GitHub Security Advisory GHSA-vvpx-j8f3-3w6h, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
golang.org/x/net	0.7.0	< 0.7.0

Cross references:

Module golang.org/x/net appears in issue dummy issue #14
Module golang.org/x/net appears in issue dummy issue #78
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in Go Standard Library (package not identified): CVE-2021-33194 #238
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in golang.org/x/net: CVE-2018-17142 #192
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in golang.org/x/net: CVE-2018-17143 #193
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in "Go Standard Library (package not identified)": CVE-2018-17847 #197
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in Go Standard Library (package not identified): CVE-2021-31525 #236
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in std: CVE-2021-44716 #288
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in std: CVE-2019-9512, CVE-2019-9514 #536
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in std: CVE-2022-27664 #969
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in std: CVE-2022-41717 #1144
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in golang.org/x/net/http2/h2c: CVE-2022-41721 #1495
CVE-2022-41723 appears in issue x/vulndb: potential Go vuln in net/http: CVE-2022-41723 #1571
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in net/http: CVE-2022-41723 #1571

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: golang.org/x/net
    versions:
      - fixed: 0.7.0
    packages:
      - package: golang.org/x/net
description: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
    in the HPACK decoder, sufficient to cause a denial of service from a small number
    of small requests.
cves:
  - CVE-2022-41723
ghsas:
  - GHSA-vvpx-j8f3-3w6h
references:
  - web: https://nvd.nist.gov/vuln/detail/CVE-2022-41723
  - fix: https://go.dev/cl/468135
  - report: https://go.dev/issue/57855
  - web: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
  - web: https://vuln.go.dev/ID/GO-2023-1571.json
  - advisory: https://github.com/advisories/GHSA-vvpx-j8f3-3w6h

The text was updated successfully, but these errors were encountered:

neild · 2023-02-22T18:31:40Z

Duplicate of #1571

neild marked this as a duplicate of #1571 Feb 22, 2023

neild closed this as completed Feb 22, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in golang.org/x/net: GHSA-vvpx-j8f3-3w6h #1580

x/vulndb: potential Go vuln in golang.org/x/net: GHSA-vvpx-j8f3-3w6h #1580

GoVulnBot commented Feb 17, 2023

neild commented Feb 22, 2023

x/vulndb: potential Go vuln in golang.org/x/net: GHSA-vvpx-j8f3-3w6h #1580

x/vulndb: potential Go vuln in golang.org/x/net: GHSA-vvpx-j8f3-3w6h #1580

Comments

GoVulnBot commented Feb 17, 2023

neild commented Feb 22, 2023