CVE-2022-41717

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-41717
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-12-08 20:15:00 UTC
Updated2024-01-18 03:15:00 UTC
DescriptionAn attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Risk And Classification

Problem Types: CWE-770

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Fedoraproject Fedora 37 All All All
Operating System Fedoraproject Fedora 38 All All All
Application Golang Go All All All All
Application Golang Http2 All All All All
Application Golang Http2 All All All All

References

ReferenceSourceLinkTags
Go: Multiple Vulnerabilities (GLSA 202311-09) — Gentoo security security.gentoo.org
[SECURITY] Fedora 37 Update: aerc-0.15.2-1.fc37 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
[SECURITY] Fedora 38 Update: golang-x-mod-0.14.0-1.fc38 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
go.dev/cl/455635 MISC go.dev
[SECURITY] Fedora 39 Update: golang-x-text-0.14.0-1.fc39 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
lists.fedoraproject.org/archives/list/[email protected]/messag... lists.fedoraproject.org
[SECURITY] Fedora 37 Update: exercism-3.2.0-1.fc37 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
lists.fedoraproject.org/archives/list/[email protected]/messag... lists.fedoraproject.org
[SECURITY] Fedora 38 Update: aerc-0.15.2-1.fc38 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
[SECURITY] Fedora 39 Update: golang-x-mod-0.14.0-1.fc39 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
lists.fedoraproject.org/archives/list/[email protected]/messag... lists.fedoraproject.org
go.dev/cl/455717 MISC go.dev
[SECURITY] Fedora 38 Update: exercism-3.2.0-1.fc38 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
net/http: limit canonical header cache by bytes, not entries (CVE-2022-41717) · Issue #56350 · golang/go · GitHub MISC go.dev
[security] Go 1.19.4 and Go 1.18.9 are released MISC groups.google.com
[SECURITY] Fedora 39 Update: htmltest-0.17.0-4.fc39 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
lists.fedoraproject.org/archives/list/[email protected]/messag... lists.fedoraproject.org
[SECURITY] Fedora 37 Update: htmltest-0.17.0-4.fc37 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
[SECURITY] Fedora 38 Update: golang-x-text-0.14.0-1.fc38 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
GO-2022-1144 - Go Packages MISC pkg.go.dev
[SECURITY] Fedora 38 Update: htmltest-0.17.0-4.fc38 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
[SECURITY] Fedora 39 Update: exercism-3.2.0-1.fc39 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
[SECURITY] Fedora 38 Update: golang-github-schollz-mnemonicode-1.0.1-6.20230519git63fa713.fc38 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 160499 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2023-18908)
  • 160582 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2023-2357)
  • 160591 Oracle Enterprise Linux Security Update for podman (ELSA-2023-2282)
  • 160595 Oracle Enterprise Linux Security Update for skopeo (ELSA-2023-2283)
  • 160596 Oracle Enterprise Linux Security Update for buildah (ELSA-2023-2253)
  • 160600 Oracle Enterprise Linux Security Update for containernetworking-plugins (ELSA-2023-2367)
  • 160609 Oracle Enterprise Linux Security Update for image builder (ELSA-2023-2204)
  • 160634 Oracle Enterprise Linux Security Update for conmon (ELSA-2023-2222)
  • 160663 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2023-2866)
  • 160666 Oracle Enterprise Linux Security Update for image builder (ELSA-2023-2780)
  • 160678 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2023-2758)
  • 160696 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-2802)
  • 161102 Oracle Enterprise Linux Security Update for grafana security and enhancement update (ELSA-2023-6420)
  • 181997 Debian Security Update for golang-1.19golang-golang-x-net (CVE-2022-41717)
  • 199304 Ubuntu Security Notification for Go Vulnerabilities (USN-6038-1)
  • 241266 Red Hat Update for Multiple OpenStack Platforms (RHSA-2023:1276)
  • 241268 Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1275)
  • 241424 Red Hat Update for image builder security (RHSA-2023:2204)
  • 241428 Red Hat Update for podman (RHSA-2023:2282)
  • 241441 Red Hat Update for conmon (RHSA-2023:2222)
  • 241455 Red Hat Update for toolbox (RHSA-2023:2236)
  • 241460 Red Hat Update for containernetworking-plugins (RHSA-2023:2367)
  • 241465 Red Hat Update for skopeo (RHSA-2023:2283)
  • 241467 Red Hat Update for git-lfs (RHSA-2023:2357)
  • 241470 Red Hat Update for buildah (RHSA-2023:2253)
  • 241486 Red Hat Update for container-tools:4.0 (RHSA-2023:2802)
  • 241490 Red Hat Update for image builder security (RHSA-2023:2780)
  • 241505 Red Hat Update for container-tools:rhel8 security (RHSA-2023:2758)
  • 241520 Red Hat Update for git-lfs (RHSA-2023:2866)
  • 241544 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1329)
  • 241546 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1325)
  • 241745 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3612)
  • 241775 Red Hat Update for red hat openshift enterprise (RHSA-2023:3910)
  • 241776 Red Hat Update for red hat openshift enterprise (RHSA-2023:3914)
  • 242309 Red Hat Update for grafana (RHSA-2023:6420)
  • 242347 Red Hat Update for Satellite 6.14 (RHSA-2023:6818)
  • 283659 Fedora Security Update for caddy (FEDORA-2023-322314ad50)
  • 283660 Fedora Security Update for caddy (FEDORA-2023-0fff8bc164)
  • 283664 Fedora Security Update for git (FEDORA-2023-2663dc67d8)
  • 283665 Fedora Security Update for git (FEDORA-2023-267503a090)
  • 283673 Fedora Security Update for syncthing (FEDORA-2023-6d71ff268e)
  • 283674 Fedora Security Update for syncthing (FEDORA-2023-70eb8ba61e)
  • 283690 Fedora Security Update for golang (FEDORA-2023-8ecc0e487e)
  • 283692 Fedora Security Update for golang (FEDORA-2023-cb3a59a3df)
  • 283739 Fedora Security Update for golang (FEDORA-2023-6550d9323b)
  • 283740 Fedora Security Update for golang (FEDORA-2023-c9b2182a4e)
  • 283768 Fedora Security Update for golang (FEDORA-2023-8b700042ac)
  • 283789 Fedora Security Update for stargz (FEDORA-2023-ee472c698c)
  • 283800 Fedora Security Update for pack (FEDORA-2023-0c354a3f9a)
  • 283801 Fedora Security Update for pack (FEDORA-2023-2df9d60e4c)
  • 283802 Fedora Security Update for containernetworking (FEDORA-2023-e8c27ba884)
  • 283803 Fedora Security Update for containernetworking (FEDORA-2023-c0149844e2)
  • 283815 Fedora Security Update for gmailctl (FEDORA-2023-ca444fdecf)
  • 283816 Fedora Security Update for gmailctl (FEDORA-2023-abb47e24d8)
  • 284043 Fedora Security Update for golang (FEDORA-2023-4c1050f439)
  • 284049 Fedora Security Update for golang (FEDORA-2023-9ca66e00a2)
  • 284127 Fedora Security Update for golang (FEDORA-2023-ac4651c9b2)
  • 284229 Fedora Security Update for reposurgeon (FEDORA-2023-76d18cf2fa)
  • 284244 Fedora Security Update for gmailctl (FEDORA-2023-8c02aee138)
  • 284248 Fedora Security Update for golang (FEDORA-2023-3dba09f630)
  • 284251 Fedora Security Update for pack (FEDORA-2023-5eca6a8326)
  • 284252 Fedora Security Update for containernetworking (FEDORA-2023-f4bd7ab2f7)
  • 284254 Fedora Security Update for stargz (FEDORA-2023-62ce942e75)
  • 284277 Fedora Security Update for golang (FEDORA-2023-4e2068ba5d)
  • 284346 Fedora Security Update for aerc (FEDORA-2023-6cfe7492c1)
  • 284347 Fedora Security Update for aerc (FEDORA-2023-aa7c75ed4a)
  • 284753 Fedora Security Update for podman (FEDORA-2023-e359fd31d2)
  • 284754 Fedora Security Update for podman (FEDORA-2023-a5a5542890)
  • 284786 Fedora Security Update for golang (FEDORA-2023-ce2836acfa)
  • 284861 Fedora Security Update for golang (FEDORA-2024-fd3545a844)
  • 284862 Fedora Security Update for golang (FEDORA-2024-ae653fb07b)
  • 285052 Fedora Security Update for golang (FEDORA-2024-b85b97c0e9)
  • 285053 Fedora Security Update for golang (FEDORA-2024-fb32950d11)
  • 285148 Fedora Security Update for podman (FEDORA-2023-327346caa5)
  • 285286 Fedora Security Update for htmltest (FEDORA-2023-946dfaf17f)
  • 285292 Fedora Security Update for exercism (FEDORA-2023-e16469fdec)
  • 285301 Fedora Security Update for rclone (FEDORA-2023-2f0957b051)
  • 285302 Fedora Security Update for golang (FEDORA-2023-65f2712f28)
  • 285304 Fedora Security Update for caddy (FEDORA-2023-30431913bc)
  • 285309 Fedora Security Update for golang (FEDORA-2023-7abdd861d6)
  • 285311 Fedora Security Update for golang (FEDORA-2023-b1cebc5424)
  • 296101 Oracle Solaris 11.4 Support Repository Update (SRU) 59.138.2 Missing (CPUJUL2023)
  • 354730 Amazon Linux Security Advisory for golang : ALAS2-2023-1926
  • 354901 Amazon Linux Security Advisory for golang : ALAS-2023-1731
  • 355216 Amazon Linux Security Advisory for golang : ALAS2023-2023-175
  • 356304 Amazon Linux Security Advisory for golang : ALASGOLANG1.19-2023-002
  • 378652 Alibaba Cloud Linux Security Update for git-lfs (ALINUX3-SA-2023:0071)
  • 502860 Alpine Linux Security Update for go
  • 503198 Alpine Linux Security Update for minio-client
  • 506116 Alpine Linux Security Update for minio-client
  • 672719 EulerOS Security Update for golang (EulerOS-SA-2023-1467)
  • 672756 EulerOS Security Update for golang (EulerOS-SA-2023-1442)
  • 672789 EulerOS Security Update for golang (EulerOS-SA-2023-1549)
  • 672796 EulerOS Security Update for golang (EulerOS-SA-2023-1524)
  • 672839 EulerOS Security Update for golang (EulerOS-SA-2023-1583)
  • 672842 EulerOS Security Update for golang (EulerOS-SA-2023-1573)
  • 673863 EulerOS Security Update for golang (EulerOS-SA-2023-3128)
  • 691002 Free Berkeley Software Distribution (FreeBSD) Security Update for go (6f5192f5-75a7-11ed-83c0-411d43ce7fe4)
  • 710791 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202311-09)
  • 752989 SUSE Enterprise Linux Security Update for go1.18 (SUSE-SU-2022:4398-1)
  • 753001 SUSE Enterprise Linux Security Update for go1.19 (SUSE-SU-2022:4397-1)
  • 754047 SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)
  • 770186 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1325)
  • 770195 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3612)
  • 770203 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:3910)
  • 770204 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2023:3914)
  • 904674 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11588)
  • 904678 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11582)
  • 904740 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11588-1)
  • 904782 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11582-1)
  • 907772 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11588-2)
  • 907814 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11582-2)
  • 907961 Common Base Linux Mariner (CBL-Mariner) Security Update for sriov-network-device-plugin (33645-1)
  • 941034 AlmaLinux Security Update for podman (ALSA-2023:2282)
  • 941035 AlmaLinux Security Update for buildah (ALSA-2023:2253)
  • 941039 AlmaLinux Security Update for conmon (ALSA-2023:2222)
  • 941041 AlmaLinux Security Update for toolbox (ALSA-2023:2236)
  • 941052 AlmaLinux Security Update for containernetworking-plugins (ALSA-2023:2367)
  • 941053 AlmaLinux Security Update for git-lfs (ALSA-2023:2357)
  • 941055 AlmaLinux Security Update for skopeo (ALSA-2023:2283)
  • 941063 AlmaLinux Security Update for Image (ALSA-2023:2204)
  • 941090 AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:2802)
  • 941108 AlmaLinux Security Update for git-lfs (ALSA-2023:2866)
  • 941116 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2023:2758)
  • 941118 AlmaLinux Security Update for Image (ALSA-2023:2780)
  • 941404 AlmaLinux Security Update for grafana (ALSA-2023:6420)
  • 961065 Rocky Linux Security Update for Satellite (RLSA-2023:6818)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report