CVE-2023-29406

Summary

CVE: CVE-2023-29406
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2023-07-11 20:15:00 UTC
Updated: 2023-11-25 11:15:00 UTC
Description: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

Risk And Classification

Problem Types: CWE-436

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Golang | Go | All | All | All | All

References

Reference | Source | Link | Tags
Go: Multiple Vulnerabilities (GLSA 202311-09) — Gentoo security | | security.gentoo.org |
net/http: insufficient sanitization of Host header · Issue #60374 · golang/go · GitHub | MISC | go.dev |
go.dev/cl/506996 | MISC | go.dev |
GO-2023-1878 - Go Packages | MISC | pkg.go.dev |
[security] Go 1.20.6 and Go 1.19.11 are released | MISC | groups.google.com |
CVE-2023-29406 Golang Vulnerability in NetApp Products, NetApp Product Security | MISC | security.netapp.com |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 161061 Oracle Enterprise Linux Security Update for skopeo (ELSA-2023-6363)
  • 161062 Oracle Enterprise Linux Security Update for containernetworking-plugins (ELSA-2023-6402)
  • 161063 Oracle Enterprise Linux Security Update for podman (ELSA-2023-6474)
  • 161105 Oracle Enterprise Linux Security Update for buildah (ELSA-2023-6473)
  • 161175 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2023-6939)
  • 161187 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-6938)
  • 161188 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-7202)
  • 242173 Red Hat Update for go-toolset:rhel8 (RHSA-2023:5721)
  • 242176 Red Hat Update for go-toolset and golang (RHSA-2023:5738)
  • 242287 Red Hat Update for buildah (RHSA-2023:6473)
  • 242288 Red Hat Update for toolbox (RHSA-2023:6346)
  • 242299 Red Hat Update for containernetworking-plugins (RHSA-2023:6402)
  • 242319 Red Hat Update for skopeo (RHSA-2023:6363)
  • 242335 Red Hat Update for podman security (RHSA-2023:6474)
  • 242347 Red Hat Update for Satellite 6.14 (RHSA-2023:6818)
  • 242381 Red Hat Update for OpenStack Platform 16.2.5 (RHSA-2023:5965)
  • 242415 Red Hat Update for container-tools:rhel8 (RHSA-2023:6939)
  • 242432 Red Hat Update for container-tools:4.0 (RHSA-2023:7202)
  • 242458 Red Hat Update for container-tools:4.0 (RHSA-2023:6938)
  • 242464 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6840)
  • 242737 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2024:0293)
  • 355781 Amazon Linux Security Advisory for cri-tools : ALAS2-2023-2194
  • 355782 Amazon Linux Security Advisory for nerdctl : ALAS2-2023-2193
  • 355786 Amazon Linux Security Advisory for golang : ALAS2-2023-2186
  • 355788 Amazon Linux Security Advisory for golist : ALAS2-2023-2185
  • 355793 Amazon Linux Security Advisory for runc : ALAS2NITRO-ENCLAVES-2023-025
  • 355797 Amazon Linux Security Advisory for containerd : ALAS2NITRO-ENCLAVES-2023-026
  • 355806 Amazon Linux Security Advisory for golang : ALAS2023-2023-283
  • 355836 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2023-028
  • 355837 Amazon Linux Security Advisory for containerd : ALAS2DOCKER-2023-029
  • 355872 Amazon Linux Security Advisory for containerd : ALAS2023-2023-312
  • 355883 Amazon Linux Security Advisory for nerdctl : ALAS2023-2023-313
  • 355884 Amazon Linux Security Advisory for runc : ALAS2023-2023-311
  • 356112 Amazon Linux Security Advisory for docker : ALAS2023-2023-345
  • 356114 Amazon Linux Security Advisory for oci-add-hooks : ALAS2023-2023-347
  • 356115 Amazon Linux Security Advisory for amazon-ecr-credential-helper : ALAS2023-2023-346
  • 356362 Amazon Linux Security Advisory for golang : ALAS-2023-1848
  • 356363 Amazon Linux Security Advisory for containerd : ALAS-2023-1849
  • 356374 Amazon Linux Security Advisory for amazon-ssm-agent : ALAS2023-2023-373
  • 356428 Amazon Linux Security Advisory for amazon-ssm-agent : ALAS2-2023-2303
  • 379641 Alibaba Cloud Linux Security Update for container-tools:rhel8 (ALINUX3-SA-2024:0050)
  • 503191 Alpine Linux Security Update for go
  • 506084 Alpine Linux Security Update for go
  • 673336 EulerOS Security Update for golang (EulerOS-SA-2023-3006)
  • 673747 EulerOS Security Update for golang (EulerOS-SA-2023-3178)
  • 673850 EulerOS Security Update for golang (EulerOS-SA-2024-1140)
  • 673945 EulerOS Security Update for golang (EulerOS-SA-2023-3213)
  • 673979 EulerOS Security Update for golang (EulerOS-SA-2023-3299)
  • 673988 EulerOS Security Update for golang (EulerOS-SA-2023-3331)
  • 674001 EulerOS Security Update for golang (EulerOS-SA-2023-3029)
  • 691224 Free Berkeley Software Distribution (FreeBSD) Security Update for go (78f2e491-312d-11ee-85f2-bd89b893fcb4)
  • 710791 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202311-09)
  • 754175 SUSE Enterprise Linux Security Update for go1.20 (SUSE-SU-2023:2846-1)
  • 754176 SUSE Enterprise Linux Security Update for go1.19 (SUSE-SU-2023:2845-1)
  • 754950 SUSE Enterprise Linux Security Update for go1.19-openssl (SUSE-SU-2023:3841-1)
  • 770214 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6840)
  • 770224 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2024:0293)
  • 907906 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (27410-2)
  • 907911 Common Base Linux Mariner (CBL-Mariner) Security Update for msft-golang (28831-1)
  • 941383 AlmaLinux Security Update for containernetworking-plugins (ALSA-2023:6402)
  • 941386 AlmaLinux Security Update for buildah (ALSA-2023:6473)
  • 941391 AlmaLinux Security Update for toolbox (ALSA-2023:6346)
  • 941399 AlmaLinux Security Update for podman (ALSA-2023:6474)
  • 941405 AlmaLinux Security Update for skopeo (ALSA-2023:6363)
  • 941444 AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:6938)
  • 941478 AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:7202)
  • 941481 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2023:6939)
  • 961065 Rocky Linux Security Update for Satellite (RLSA-2023:6818)
  • 961074 Rocky Linux Security Update for container-tools:4.0 (RLSA-2023:7202)