vulndb/data/osv/GO-2023-1571.json

{
  "id": "GO-2023-1571",
  "published": "0001-01-01T00:00:00Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2022-41723",
    "GHSA-vvpx-j8f3-3w6h"
  ],
  "details": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
  "affected": [
    {
      "package": {
        "name": "stdlib",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.19.6"
            },
            {
              "introduced": "1.20.0"
            },
            {
              "fixed": "1.20.1"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2023-1571"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "net/http"
          }
        ]
      }
    },
    {
      "package": {
        "name": "golang.org/x/net",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.0"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2023-1571"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "golang.org/x/net/http2"
          },
          {
            "path": "golang.org/x/net/http2/hpack",
            "symbols": [
              "Decoder.DecodeFull",
              "Decoder.Write",
              "Decoder.parseFieldLiteral",
              "Decoder.readString"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "REPORT",
      "url": "https://go.dev/issue/57855"
    },
    {
      "type": "FIX",
      "url": "https://go.dev/cl/468135"
    },
    {
      "type": "FIX",
      "url": "https://go.dev/cl/468295"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
    }
  ],
  "credits": [
    {
      "name": "Philippe Antoine (Catena cyber)"
    }
  ],
  "schema_version": "1.3.1"
}
data/reports: add GO-2023-1571.yaml Aliases: CVE-2022-41723 Updates golang/vulndb#1571 Change-Id: Iec81cb886f5e67d37f5b484f59e257431bde4690 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468900 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> 2023-02-17 00:43:34 +03:00			`{`
			`"id": "GO-2023-1571",`
			`"published": "0001-01-01T00:00:00Z",`
			`"modified": "0001-01-01T00:00:00Z",`
			`"aliases": [`
data/reports: add GHSAs for GO-2023-1571, GO-2023-1572 For golang/vulndb#1571 For golang/vulndb#1572 Change-Id: I5400ea718f2a173361c5c8cbd91d32862d16644f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/470375 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> 2023-02-22 21:34:31 +03:00			`"CVE-2022-41723",`
			`"GHSA-vvpx-j8f3-3w6h"`
data/reports: add GO-2023-1571.yaml Aliases: CVE-2022-41723 Updates golang/vulndb#1571 Change-Id: Iec81cb886f5e67d37f5b484f59e257431bde4690 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468900 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> 2023-02-17 00:43:34 +03:00			`],`
			`"details": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",`
			`"affected": [`
			`{`
			`"package": {`
			`"name": "stdlib",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`},`
			`{`
			`"fixed": "1.19.6"`
			`},`
			`{`
			`"introduced": "1.20.0"`
			`},`
			`{`
			`"fixed": "1.20.1"`
			`}`
			`]`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2023-1571"`
			`},`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "net/http"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"package": {`
			`"name": "golang.org/x/net",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`},`
			`{`
			`"fixed": "0.7.0"`
			`}`
			`]`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2023-1571"`
			`},`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "golang.org/x/net/http2"`
			`},`
			`{`
			`"path": "golang.org/x/net/http2/hpack",`
			`"symbols": [`
			`"Decoder.DecodeFull",`
			`"Decoder.Write",`
			`"Decoder.parseFieldLiteral",`
			`"Decoder.readString"`
			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "REPORT",`
			`"url": "https://go.dev/issue/57855"`
			`},`
			`{`
			`"type": "FIX",`
			`"url": "https://go.dev/cl/468135"`
			`},`
			`{`
			`"type": "FIX",`
			`"url": "https://go.dev/cl/468295"`
			`},`
			`{`
			`"type": "WEB",`
			`"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"`
			`}`
			`],`
			`"credits": [`
			`{`
			`"name": "Philippe Antoine (Catena cyber)"`
			`}`
			`],`
			`"schema_version": "1.3.1"`
			`}`