CVE-2022-41723

Summary

CVE: CVE-2022-41723
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2023-02-28 18:15:00 UTC
Updated: 2023-11-25 11:15:00 UTC
Description: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Golang | Go | All | All | All | All
Application | Golang | Go | 1.20.0 | - | All | All
Application | Golang | Hpack | All | All | All | All
Application | Golang | Hpack | All | All | All | All
Application | Golang | Http2 | All | All | All | All
Application | Golang | Http2 | All | All | All | All

References

Reference | Source | Link | Tags
Go: Multiple Vulnerabilities (GLSA 202311-09) — Gentoo security | | security.gentoo.org |
net/http: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) · Issue #57855 · golang/go · GitHub | MISC | go.dev |
go.dev/cl/468295 | MISC | go.dev |
lists.fedoraproject.org/archives/list/[email protected]/messag... | | lists.fedoraproject.org |
[SECURITY] Fedora 38 Update: skopeo-1.11.2-1.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org |
lists.fedoraproject.org/archives/list/[email protected]/messag... | | lists.fedoraproject.org |
lists.fedoraproject.org/archives/list/[email protected]/messag... | | lists.fedoraproject.org |
Enterprise Security Alerts & Advisories for Couchbase | | www.couchbase.com |
go.dev/cl/468135 | MISC | go.dev |
[security] Go 1.20.1 and Go 1.19.6 are released | MISC | groups.google.com |
GO-2023-1571 - Go Packages | MISC | pkg.go.dev |
[SECURITY] Fedora 37 Update: skopeo-1.11.2-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org |
[SECURITY] Fedora 37 Update: doctl-1.93.1-2.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org |
[SECURITY] Fedora 37 Update: golang-github-cli-gh-1.2.1-2.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 161061 Oracle Enterprise Linux Security Update for skopeo (ELSA-2023-6363)
  • 161062 Oracle Enterprise Linux Security Update for containernetworking-plugins (ELSA-2023-6402)
  • 161063 Oracle Enterprise Linux Security Update for podman (ELSA-2023-6474)
  • 161105 Oracle Enterprise Linux Security Update for buildah (ELSA-2023-6473)
  • 161175 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2023-6939)
  • 161187 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-6938)
  • 184112 Debian Security Update for golang-1.19, golang-golang-x-net (CVE-2022-41723)
  • 241546 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1325)
  • 241580 Red Hat Update for OpenStack Platform 16.1 (RHSA-2023:3447)
  • 241582 Red Hat Update for OpenStack Platform 16.2 (RHSA-2023:3445)
  • 242287 Red Hat Update for buildah (RHSA-2023:6473)
  • 242288 Red Hat Update for toolbox (RHSA-2023:6346)
  • 242299 Red Hat Update for containernetworking-plugins (RHSA-2023:6402)
  • 242319 Red Hat Update for skopeo (RHSA-2023:6363)
  • 242335 Red Hat Update for podman security (RHSA-2023:6474)
  • 242415 Red Hat Update for container-tools:rhel8 (RHSA-2023:6939)
  • 242456 Red Hat Update for rhc security (RHSA-2023:7058)
  • 242458 Red Hat Update for container-tools:4.0 (RHSA-2023:6938)
  • 242991 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2024:0948)
  • 283815 Fedora Security Update for gmailctl (FEDORA-2023-ca444fdecf)
  • 283816 Fedora Security Update for gmailctl (FEDORA-2023-abb47e24d8)
  • 283875 Fedora Security Update for skopeo (FEDORA-2023-28c182b657)
  • 283903 Fedora Security Update for gh (FEDORA-2023-cb20f08a4e)
  • 283927 Fedora Security Update for doctl (FEDORA-2023-3737bc1c0a)
  • 284205 Fedora Security Update for skopeo (FEDORA-2023-ccaf5538dd)
  • 284244 Fedora Security Update for gmailctl (FEDORA-2023-8c02aee138)
  • 284753 Fedora Security Update for podman (FEDORA-2023-e359fd31d2)
  • 284754 Fedora Security Update for podman (FEDORA-2023-a5a5542890)
  • 285148 Fedora Security Update for podman (FEDORA-2023-327346caa5)
  • 285300 Fedora Security Update for golang (FEDORA-2023-dc7cceb285)
  • 285301 Fedora Security Update for rclone (FEDORA-2023-2f0957b051)
  • 285304 Fedora Security Update for caddy (FEDORA-2023-30431913bc)
  • 354890 Amazon Linux Security Advisory for golang : ALAS2-2023-2015
  • 354901 Amazon Linux Security Advisory for golang : ALAS-2023-1731
  • 355210 Amazon Linux Security Advisory for golang : ALAS2023-2023-142
  • 355611 Amazon Linux Security Advisory for rclone : ALAS2-2023-2143
  • 355639 Amazon Linux Security Advisory for docker : ALAS2023-2023-260
  • 355774 Amazon Linux Security Advisory for cni-plugins : ALAS2-2023-2192
  • 355781 Amazon Linux Security Advisory for cri-tools : ALAS2-2023-2194
  • 355782 Amazon Linux Security Advisory for nerdctl : ALAS2-2023-2193
  • 355797 Amazon Linux Security Advisory for containerd : ALAS2NITRO-ENCLAVES-2023-026
  • 355837 Amazon Linux Security Advisory for containerd : ALAS2DOCKER-2023-029
  • 355883 Amazon Linux Security Advisory for nerdctl : ALAS2023-2023-313
  • 356304 Amazon Linux Security Advisory for golang : ALASGOLANG1.19-2023-002
  • 356363 Amazon Linux Security Advisory for containerd : ALAS-2023-1849
  • 356428 Amazon Linux Security Advisory for amazon-ssm-agent : ALAS2-2023-2303
  • 356458 Amazon Linux Security Advisory for amazon-ssm-agent : ALAS-2023-1866
  • 356521 Amazon Linux Security Advisory for amazon-ssm-agent : ALAS2023-2023-388
  • 356553 Amazon Linux Security Advisory for docker : ALAS-2023-1881
  • 379641 Alibaba Cloud Linux Security Update for container-tools:rhel8 (ALINUX3-SA-2024:0050)
  • 502861 Alpine Linux Security Update for go
  • 503186 Alpine Linux Security Update for go
  • 503217 Alpine Linux Security Update for podman
  • 506079 Alpine Linux Security Update for go
  • 506160 Alpine Linux Security Update for podman
  • 672934 EulerOS Security Update for golang (EulerOS-SA-2023-1822)
  • 672950 EulerOS Security Update for golang (EulerOS-SA-2023-1804)
  • 672974 EulerOS Security Update for golang (EulerOS-SA-2023-1844)
  • 673009 EulerOS Security Update for golang (EulerOS-SA-2023-1869)
  • 673077 EulerOS Security Update for golang (EulerOS-SA-2023-2146)
  • 673123 EulerOS Security Update for golang (EulerOS-SA-2023-2292)
  • 673132 EulerOS Security Update for golang (EulerOS-SA-2023-2268)
  • 673963 EulerOS Security Update for golang (EulerOS-SA-2024-1269)
  • 691061 Free Berkeley Software Distribution (FreeBSD) Security Update for go (3d73e384-ad1f-11ed-983c-83fe35862e3a)
  • 710791 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202311-09)
  • 753772 SUSE Enterprise Linux Security Update for go1.19 (SUSE-SU-2023:0733-1)
  • 753815 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2023:0812-1)
  • 753836 SUSE Enterprise Linux Security Update for go1.18 (SUSE-SU-2023:0869-1)
  • 753839 SUSE Enterprise Linux Security Update for container-suseconnect (SUSE-SU-2023:0871-1)
  • 754047 SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)
  • 754978 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2023:3868-1)
  • 754979 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2023:3867-1)
  • 755121 SUSE Enterprise Linux Security Update for helm (SUSE-SU-2023:4124-1)
  • 755846 SUSE Enterprise Linux Security Update for golang-github-prometheus-prometheus (SUSE-SU-2023:2598-1)
  • 770186 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1325)
  • 770233 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2024:0948)
  • 906749 Common Base Linux Mariner (CBL-Mariner) Security Update for telegraf (25940-1)
  • 907411 Common Base Linux Mariner (CBL-Mariner) Security Update for skopeo (25939-1)
  • 908026 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (25350-2)
  • 908030 Common Base Linux Mariner (CBL-Mariner) Security Update for kubevirt (26732)
  • 908048 Common Base Linux Mariner (CBL-Mariner) Security Update for kubevirt (26732-1)
  • 908074 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (25350-4)
  • 941383 AlmaLinux Security Update for containernetworking-plugins (ALSA-2023:6402)
  • 941386 AlmaLinux Security Update for buildah (ALSA-2023:6473)
  • 941391 AlmaLinux Security Update for toolbox (ALSA-2023:6346)
  • 941399 AlmaLinux Security Update for podman (ALSA-2023:6474)
  • 941405 AlmaLinux Security Update for skopeo (ALSA-2023:6363)
  • 941444 AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:6938)
  • 941481 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2023:6939)