CVE-2022-41717 Vulnerability Details

  /     /     /  

CVE-2022-41717 Metadata Quick Info

CVE Published: 08/12/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Go | Vendor: Go standard library | Product: net/http
Status : PUBLISHED

---

CVE-2022-41717 Description

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE 400: Uncontrolled Resource Consumption
Source: Go standard library

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).