CVE-2021-44716

Summary

CVE: CVE-2021-44716
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-01-01 05:15:00 UTC
Updated: 2023-04-20 00:15:00 UTC
Description: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

Risk And Classification

Problem Types: CWE-400

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Debian | Debian Linux | 9.0 | All | All | All
Application | Golang | Go | All | All | All | All
Application | Netapp | Cloud Insights Telegraf | - | All | All | All

References

Reference | Source | Link | Tags
[SECURITY] [DLA 3395-1] golang-1.11 security update | MLIST | lists.debian.org |
cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf | MISC | cert-portal.siemens.com |
Go: Multiple Vulnerabilities (GLSA 202208-02) — Gentoo security | GENTOO | security.gentoo.org |
[security] Go 1.17.5 and Go 1.16.12 are released | CONFIRM | groups.google.com |
[SECURITY] [DLA 2892-1] golang-1.7 security update | MLIST | lists.debian.org |
CVE-2021-44716 Golang Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com |
[SECURITY] [DLA 2891-1] golang-1.8 security update | MLIST | lists.debian.org |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 159553 Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2021-5160)
  • 159585 Oracle Enterprise Linux Security Update for grafana (ELSA-2022-0001)
  • 179017 Debian Security Update for golang-1.8 (DLA 2891-1)
  • 179018 Debian Security Update for golang-1.7 (DLA 2892-1)
  • 180038 Debian Security Update for golang-1.15 (CVE-2021-44716)
  • 181743 Debian Security Update for golang-1.11 (DLA 3395-1)
  • 239964 Red Hat Update for go-toolset:rhel8 (RHSA-2021:5160)
  • 239981 Red Hat Update for grafana (RHSA-2022:0001)
  • 239983 Red Hat Update for grafana (RHSA-2022:0002)
  • 240023 Red Hat Update for OpenStack Platform 16.2 (RHSA-2022:0237)
  • 240030 Red Hat Update for OpenStack Platform 16.1 (RHSA-2022:0260)
  • 240138 Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:0055)
  • 240161 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2022:0927)
  • 282205 Fedora Security Update for golang (FEDORA-2021-29943703de)
  • 282206 Fedora Security Update for golang (FEDORA-2021-6fdc5ea304)
  • 282291 Fedora Security Update for grafana (FEDORA-2022-c6ae206be7)
  • 282292 Fedora Security Update for grafana (FEDORA-2022-6e6b59a682)
  • 353263 Amazon Linux Security Advisory for golang : ALAS2-2022-1776
  • 353275 Amazon Linux Security Advisory for golang : ALAS-2022-1583
  • 353977 Amazon Linux Security Advisory for golang : ALAS2-2022-1811
  • 354488 Amazon Linux Security Advisory for golang : ALAS2022-2022-009
  • 354527 Amazon Linux Security Advisory for golang : ALAS2022-2022-193
  • 354566 Amazon Linux Security Advisory for golang : ALAS-2022-193
  • 355212 Amazon Linux Security Advisory for golang : ALAS2023-2023-048
  • 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
  • 501856 Alpine Linux Security Update for go
  • 502093 Alpine Linux Security Update for go
  • 502126 Alpine Linux Security Update for nomad
  • 502297 Alpine Linux Security Update for go
  • 502316 Alpine Linux Security Update for nomad
  • 671427 EulerOS Security Update for golang (EulerOS-SA-2022-1345)
  • 671452 EulerOS Security Update for golang (EulerOS-SA-2022-1449)
  • 671472 EulerOS Security Update for golang (EulerOS-SA-2022-1428)
  • 671491 EulerOS Security Update for golang (EulerOS-SA-2022-1506)
  • 671527 EulerOS Security Update for golang (EulerOS-SA-2022-1487)
  • 690735 Free Berkeley Software Distribution (FreeBSD) Security Update for go (720505fe-593f-11ec-9ba8-002324b2fba8)
  • 710584 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202208-02)
  • 751547 SUSE Enterprise Linux Security Update for go1.16 (SUSE-SU-2021:4169-1)
  • 751549 SUSE Enterprise Linux Security Update for go1.17 (SUSE-SU-2021:4186-1)
  • 751553 OpenSUSE Security Update for go1.16 (openSUSE-SU-2021:4169-1)
  • 751554 OpenSUSE Security Update for go1.17 (openSUSE-SU-2021:4186-1)
  • 751559 OpenSUSE Security Update for go1.16 (openSUSE-SU-2021:1626-1)
  • 753532 OpenSUSE Security Update for apptainer (openSUSE-SU-2023:0018-1)
  • 770138 Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:0055)
  • 770140 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2022:0927)
  • 900508 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (7115)
  • 901099 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (7125-1)
  • 907641 Common Base Linux Mariner (CBL-Mariner) Security Update for kured (31978-1)
  • 907774 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (7115-1)
  • 907847 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (7125-2)
  • 907879 Common Base Linux Mariner (CBL-Mariner) Security Update for libcontainers-common (33607-1)
  • 907887 Common Base Linux Mariner (CBL-Mariner) Security Update for kube-vip-cloud-provider (33604-1)
  • 907893 Common Base Linux Mariner (CBL-Mariner) Security Update for local-path-provisioner (33612-1)
  • 907904 Common Base Linux Mariner (CBL-Mariner) Security Update for flannel (33581-1)
  • 907928 Common Base Linux Mariner (CBL-Mariner) Security Update for nmi (33624)
  • 907937 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-buildx (33613-1)
  • 907938 Common Base Linux Mariner (CBL-Mariner) Security Update for rook (33641)
  • 907939 Common Base Linux Mariner (CBL-Mariner) Security Update for prometheus-process-exporter (33638)
  • 907941 Common Base Linux Mariner (CBL-Mariner) Security Update for keda (33597)
  • 907942 Common Base Linux Mariner (CBL-Mariner) Security Update for application-gateway-kubernetes-ingress (33564-1)
  • 907946 Common Base Linux Mariner (CBL-Mariner) Security Update for prometheus-node-exporter (33635-1)
  • 907948 Common Base Linux Mariner (CBL-Mariner) Security Update for jx (33592-1)
  • 907950 Common Base Linux Mariner (CBL-Mariner) Security Update for cf-cli (33571-1)
  • 907952 Common Base Linux Mariner (CBL-Mariner) Security Update for node-problem-detector (33627)
  • 907953 Common Base Linux Mariner (CBL-Mariner) Security Update for csi-driver-lvm (33577-1)
  • 907955 Common Base Linux Mariner (CBL-Mariner) Security Update for git-lfs (33585-1)
  • 907963 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-cli (33616-1)
  • 907971 Common Base Linux Mariner (CBL-Mariner) Security Update for keda (33597-1)
  • 907994 Common Base Linux Mariner (CBL-Mariner) Security Update for prometheus-process-exporter (33638-1)
  • 907995 Common Base Linux Mariner (CBL-Mariner) Security Update for rook (33641-1)
  • 907998 Common Base Linux Mariner (CBL-Mariner) Security Update for node-problem-detector (33627-1)
  • 907999 Common Base Linux Mariner (CBL-Mariner) Security Update for nmi (33624-1)
  • 940411 AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2021:5160)
  • 940428 AlmaLinux Security Update for grafana (ALSA-2022:0001)
  • 960691 Rocky Linux Security Update for grafana (RLSA-2022:0001)
  • 960760 Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2021:5160)