{"api_version":"1","generated_at":"2026-04-22T19:37:43+00:00","cve":"CVE-2023-39325","urls":{"html":"https://cve.report/CVE-2023-39325","api":"https://cve.report/api/cve/CVE-2023-39325.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-39325","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-39325"},"summary":{"title":"CVE-2023-39325","description":"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.","state":"PUBLIC","assigner":"security@golang.org","published_at":"2023-10-11 22:15:00","updated_at":"2024-03-10 04:15:00"},"problem_types":["CWE-770"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202311-09","name":"https://security.gentoo.org/glsa/202311-09","refsource":"","tags":[],"title":"Go: Multiple Vulnerabilities (GLSA 202311-09) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://go.dev/cl/534215","name":"https://go.dev/cl/534215","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ","name":"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ","refsource":"MISC","tags":[],"title":"[security] Go 1.21.3 and Go 1.20.10 are released","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://go.dev/issue/63417","name":"https://go.dev/issue/63417","refsource":"MISC","tags":[],"title":"net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) · Issue #63417 · golang/go · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://pkg.go.dev/vuln/GO-2023-2102","name":"https://pkg.go.dev/vuln/GO-2023-2102","refsource":"MISC","tags":[],"title":"GO-2023-2102 - Go Packages","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.netapp.com/advisory/ntap-20231110-0008/","name":"https://security.netapp.com/advisory/ntap-20231110-0008/","refsource":"","tags":[],"title":"CVE-2023-39325 Golang Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/","refsource":"","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://go.dev/cl/534235","name":"https://go.dev/cl/534235","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-39325","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39325","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"39325","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39325","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39325","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"39","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39325","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"golang","cpe5":"go","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39325","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"golang","cpe5":"http2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"go","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39325","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"astra_trident","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39325","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"astra_trident_autosupport","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-39325","qid":"160996","title":"Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2023-5721)"},{"cve":"CVE-2023-39325","qid":"160998","title":"Oracle Enterprise Linux Security Update for go-toolset and golang (ELSA-2023-5738)"},{"cve":"CVE-2023-39325","qid":"161009","title":"Oracle Enterprise Linux Security Update for grafana (ELSA-2023-5867)"},{"cve":"CVE-2023-39325","qid":"161011","title":"Oracle Enterprise Linux Security Update for grafana (ELSA-2023-5863)"},{"cve":"CVE-2023-39325","qid":"161216","title":"Oracle Enterprise Linux Security Update for conmon (ELSA-2023-13029)"},{"cve":"CVE-2023-39325","qid":"161217","title":"Oracle Enterprise Linux Security Update for conmon (ELSA-2023-13028)"},{"cve":"CVE-2023-39325","qid":"161254","title":"Oracle Enterprise Linux Security Update for conmon (ELSA-2023-13053)"},{"cve":"CVE-2023-39325","qid":"161255","title":"Oracle Enterprise Linux Security Update for conmon (ELSA-2023-13054)"},{"cve":"CVE-2023-39325","qid":"200040","title":"Ubuntu Security Notification for Go Vulnerabilities (USN-6574-1)"},{"cve":"CVE-2023-39325","qid":"242173","title":"Red Hat Update for go-toolset:rhel8 (RHSA-2023:5721)"},{"cve":"CVE-2023-39325","qid":"242176","title":"Red Hat Update for go-toolset and golang (RHSA-2023:5738)"},{"cve":"CVE-2023-39325","qid":"242192","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:5675)"},{"cve":"CVE-2023-39325","qid":"242193","title":"Red Hat Update for rhc-worker-script enhancement and (RHSA-2023:5835)"},{"cve":"CVE-2023-39325","qid":"242198","title":"Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:5679)"},{"cve":"CVE-2023-39325","qid":"242208","title":"Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2023:5717)"},{"cve":"CVE-2023-39325","qid":"242212","title":"Red Hat Update for grafana (RHSA-2023:5866)"},{"cve":"CVE-2023-39325","qid":"242214","title":"Red Hat Update for grafana (RHSA-2023:5864)"},{"cve":"CVE-2023-39325","qid":"242219","title":"Red Hat Update for grafana (RHSA-2023:5863)"},{"cve":"CVE-2023-39325","qid":"242228","title":"Red Hat Update for OpenStack Platform 17.1.1 (RHSA-2023:5969)"},{"cve":"CVE-2023-39325","qid":"242229","title":"Red Hat Update for Satellite 6.11.5.6 (RHSA-2023:5980)"},{"cve":"CVE-2023-39325","qid":"242230","title":"Red Hat Update for Satellite 6.12.5.2 (RHSA-2023:5979)"},{"cve":"CVE-2023-39325","qid":"242241","title":"Red Hat Update for toolbox (RHSA-2023:6057)"},{"cve":"CVE-2023-39325","qid":"242244","title":"Red Hat Update for toolbox (RHSA-2023:6077)"},{"cve":"CVE-2023-39325","qid":"242347","title":"Red Hat Update for Satellite 6.14 (RHSA-2023:6818)"},{"cve":"CVE-2023-39325","qid":"242357","title":"Red Hat Update for OpenStack Platform 17.1.1 (RHSA-2023:5970)"},{"cve":"CVE-2023-39325","qid":"242362","title":"Red Hat Update for grafana (RHSA-2023:5867)"},{"cve":"CVE-2023-39325","qid":"242363","title":"Red Hat Update for Satellite 6.13.5 (RHSA-2023:5931)"},{"cve":"CVE-2023-39325","qid":"242365","title":"Red Hat Update for OpenStack Platform 16.2.5 (RHSA-2023:5964)"},{"cve":"CVE-2023-39325","qid":"242374","title":"Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:5009)"},{"cve":"CVE-2023-39325","qid":"242378","title":"Red Hat Update for OpenStack Platform 16.1.9 (RHSA-2023:5967)"},{"cve":"CVE-2023-39325","qid":"242381","title":"Red Hat Update for OpenStack Platform 16.2.5 (RHSA-2023:5965)"},{"cve":"CVE-2023-39325","qid":"242401","title":"Red Hat Update for grafana (RHSA-2023:5865)"},{"cve":"CVE-2023-39325","qid":"242464","title":"Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6840)"},{"cve":"CVE-2023-39325","qid":"242465","title":"Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6839)"},{"cve":"CVE-2023-39325","qid":"242989","title":"Red Hat OpenShift Container Platform 4.15 Security Update (RHSA-2023:7201)"},{"cve":"CVE-2023-39325","qid":"242990","title":"Red Hat OpenShift Container Platform 4.15 Security Update (RHSA-2023:7200)"},{"cve":"CVE-2023-39325","qid":"284688","title":"Fedora Security Update for golang (FEDORA-2023-fe53e13b5b)"},{"cve":"CVE-2023-39325","qid":"284689","title":"Fedora Security Update for golang (FEDORA-2023-4bf641255e)"},{"cve":"CVE-2023-39325","qid":"284741","title":"Fedora Security Update for pack (FEDORA-2023-5029b92850)"},{"cve":"CVE-2023-39325","qid":"284742","title":"Fedora Security Update for pack (FEDORA-2023-257f33c602)"},{"cve":"CVE-2023-39325","qid":"284743","title":"Fedora Security Update for syncthing (FEDORA-2023-fa2d7b25d9)"},{"cve":"CVE-2023-39325","qid":"284744","title":"Fedora Security Update for syncthing (FEDORA-2023-d58c8eeb7c)"},{"cve":"CVE-2023-39325","qid":"284753","title":"Fedora Security Update for podman (FEDORA-2023-e359fd31d2)"},{"cve":"CVE-2023-39325","qid":"284754","title":"Fedora Security Update for podman (FEDORA-2023-a5a5542890)"},{"cve":"CVE-2023-39325","qid":"284755","title":"Fedora Security Update for prometheus (FEDORA-2023-b43faebc9f)"},{"cve":"CVE-2023-39325","qid":"284756","title":"Fedora Security Update for prometheus (FEDORA-2023-b60ff8c9ec)"},{"cve":"CVE-2023-39325","qid":"284776","title":"Fedora Security Update for golang (FEDORA-2023-66966ae3d0)"},{"cve":"CVE-2023-39325","qid":"284783","title":"Fedora Security Update for golang (FEDORA-2023-c858d2c53b)"},{"cve":"CVE-2023-39325","qid":"284784","title":"Fedora Security Update for golang (FEDORA-2023-548163deb1)"},{"cve":"CVE-2023-39325","qid":"284798","title":"Fedora Security Update for gmailctl (FEDORA-2023-6f4c5b6331)"},{"cve":"CVE-2023-39325","qid":"284861","title":"Fedora Security Update for golang (FEDORA-2024-fd3545a844)"},{"cve":"CVE-2023-39325","qid":"284862","title":"Fedora Security Update for golang (FEDORA-2024-ae653fb07b)"},{"cve":"CVE-2023-39325","qid":"284863","title":"Fedora Security Update for golang (FEDORA-2024-0ac454dafc)"},{"cve":"CVE-2023-39325","qid":"284868","title":"Fedora Security Update for golang (FEDORA-2024-f99ecead66)"},{"cve":"CVE-2023-39325","qid":"284901","title":"Fedora Security Update for golang (FEDORA-2024-f99ecead66)"},{"cve":"CVE-2023-39325","qid":"285047","title":"Fedora Security Update for golang (FEDORA-2024-07c811c7a5)"},{"cve":"CVE-2023-39325","qid":"285052","title":"Fedora Security Update for golang (FEDORA-2024-b85b97c0e9)"},{"cve":"CVE-2023-39325","qid":"285053","title":"Fedora Security Update for golang (FEDORA-2024-fb32950d11)"},{"cve":"CVE-2023-39325","qid":"285054","title":"Fedora Security Update for golang (FEDORA-2024-5d8e87ec66)"},{"cve":"CVE-2023-39325","qid":"285121","title":"Fedora Security Update for gmailctl (FEDORA-2023-e3e4e3f51a)"},{"cve":"CVE-2023-39325","qid":"285131","title":"Fedora Security Update for golang (FEDORA-2023-fa2ec3d3e0)"},{"cve":"CVE-2023-39325","qid":"285137","title":"Fedora Security Update for golang (FEDORA-2023-3a895ff65c)"},{"cve":"CVE-2023-39325","qid":"285148","title":"Fedora Security Update for podman (FEDORA-2023-327346caa5)"},{"cve":"CVE-2023-39325","qid":"285149","title":"Fedora Security Update for prometheus (FEDORA-2023-b75ee820ce)"},{"cve":"CVE-2023-39325","qid":"285152","title":"Fedora Security Update for syncthing (FEDORA-2023-0d46257314)"},{"cve":"CVE-2023-39325","qid":"285182","title":"Fedora Security Update for golang (FEDORA-2023-822aab0a5a)"},{"cve":"CVE-2023-39325","qid":"285323","title":"Fedora Security Update for golang (FEDORA-2024-0d4d9925a2)"},{"cve":"CVE-2023-39325","qid":"285324","title":"Fedora Security Update for golang (FEDORA-2024-c3e32c5635)"},{"cve":"CVE-2023-39325","qid":"285337","title":"Fedora Security Update for exercism (FEDORA-2024-cafa04a149)"},{"cve":"CVE-2023-39325","qid":"296105","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 63.157.1 Missing (CPUOCT2023)"},{"cve":"CVE-2023-39325","qid":"356411","title":"Amazon Linux Security Advisory for golang : ALAS2-2023-2313"},{"cve":"CVE-2023-39325","qid":"356455","title":"Amazon Linux Security Advisory for golang : ALAS-2023-1871"},{"cve":"CVE-2023-39325","qid":"356480","title":"Amazon Linux Security Advisory for runc : ALAS2DOCKER-2023-033"},{"cve":"CVE-2023-39325","qid":"356484","title":"Amazon Linux Security Advisory for containerd : ALAS2DOCKER-2023-032"},{"cve":"CVE-2023-39325","qid":"356513","title":"Amazon Linux Security Advisory for golang : ALAS2023-2023-394"},{"cve":"CVE-2023-39325","qid":"356514","title":"Amazon Linux Security Advisory for containerd : ALAS2023-2023-395"},{"cve":"CVE-2023-39325","qid":"356531","title":"Amazon Linux Security Advisory for docker : ALAS2023-2023-397"},{"cve":"CVE-2023-39325","qid":"356532","title":"Amazon Linux Security Advisory for runc : ALAS2023-2023-396"},{"cve":"CVE-2023-39325","qid":"356558","title":"Amazon Linux Security Advisory for containerd : ALAS2ECS-2023-017"},{"cve":"CVE-2023-39325","qid":"356559","title":"Amazon Linux Security Advisory for runc : ALAS2ECS-2023-018"},{"cve":"CVE-2023-39325","qid":"356564","title":"Amazon Linux Security Advisory for amazon-ecr-credential-helper : ALAS2DOCKER-2023-034"},{"cve":"CVE-2023-39325","qid":"356574","title":"Amazon Linux Security Advisory for docker : ALAS2ECS-2023-019"},{"cve":"CVE-2023-39325","qid":"356580","title":"Amazon Linux Security Advisory for docker : ALAS2DOCKER-2023-031"},{"cve":"CVE-2023-39325","qid":"356589","title":"Amazon Linux Security Advisory for runc : ALAS2NITRO-ENCLAVES-2023-032"},{"cve":"CVE-2023-39325","qid":"356591","title":"Amazon Linux Security Advisory for docker : ALAS2NITRO-ENCLAVES-2023-030"},{"cve":"CVE-2023-39325","qid":"356593","title":"Amazon Linux Security Advisory for cni-plugins : ALAS2-2023-2325"},{"cve":"CVE-2023-39325","qid":"356594","title":"Amazon Linux Security Advisory for golist : ALAS2-2023-2326"},{"cve":"CVE-2023-39325","qid":"356601","title":"Amazon Linux Security Advisory for amazon-ecr-credential-helper : ALAS2NITRO-ENCLAVES-2023-033"},{"cve":"CVE-2023-39325","qid":"356603","title":"Amazon Linux Security Advisory for cri-tools : ALAS2-2023-2324"},{"cve":"CVE-2023-39325","qid":"356604","title":"Amazon Linux Security Advisory for containerd : ALAS2NITRO-ENCLAVES-2023-031"},{"cve":"CVE-2023-39325","qid":"356614","title":"Amazon Linux Security Advisory for oci-add-hooks : ALAS2023-2023-418"},{"cve":"CVE-2023-39325","qid":"356625","title":"Amazon Linux Security Advisory for cni-plugins : ALAS2023-2023-419"},{"cve":"CVE-2023-39325","qid":"356737","title":"Amazon Linux Security Advisory for nerdctl : ALAS2-2023-2339"},{"cve":"CVE-2023-39325","qid":"356747","title":"Amazon Linux Security Advisory for containerd : ALAS-2023-1888"},{"cve":"CVE-2023-39325","qid":"356878","title":"Amazon Linux Security Advisory for ecs-init : ALAS2ECS-2023-020"},{"cve":"CVE-2023-39325","qid":"356897","title":"Amazon Linux Security Advisory for ecs-init : ALAS2023-2023-434"},{"cve":"CVE-2023-39325","qid":"356912","title":"Amazon Linux Security Advisory for ecs-init : ALAS2023-2023-435"},{"cve":"CVE-2023-39325","qid":"357008","title":"Amazon Linux Security Advisory for amazon-cloudwatch-agent : ALAS2-2024-2424"},{"cve":"CVE-2023-39325","qid":"357038","title":"Amazon Linux Security Advisory for amazon-cloudwatch-agent : ALAS2023-2024-498"},{"cve":"CVE-2023-39325","qid":"357040","title":"Amazon Linux Security Advisory for containerd : ALAS2023-2024-499"},{"cve":"CVE-2023-39325","qid":"357082","title":"Amazon Linux Security Advisory for containerd : ALAS2DOCKER-2024-037"},{"cve":"CVE-2023-39325","qid":"357098","title":"Amazon Linux Security Advisory for containerd : ALAS2NITRO-ENCLAVES-2024-037"},{"cve":"CVE-2023-39325","qid":"357256","title":"Amazon Linux Security Advisory for containerd : ALAS2NITRO-ENCLAVES-2024-038"},{"cve":"CVE-2023-39325","qid":"357257","title":"Amazon Linux Security Advisory for containerd : ALAS2DOCKER-2024-038"},{"cve":"CVE-2023-39325","qid":"357323","title":"Amazon Linux Security Advisory for containerd : ALAS2ECS-2024-035"},{"cve":"CVE-2023-39325","qid":"378964","title":"Alibaba Cloud Linux Security Update for grafana (ALINUX3-SA-2023:0131)"},{"cve":"CVE-2023-39325","qid":"379545","title":"Splunk Enterprise Third Party Package Updates for March 2024 (SVD-2024-0303)"},{"cve":"CVE-2023-39325","qid":"379646","title":"Alibaba Cloud Linux Security Update for go-toolset:rhel8 (ALINUX3-SA-2024:0033)"},{"cve":"CVE-2023-39325","qid":"503386","title":"Alpine Linux Security Update for go"},{"cve":"CVE-2023-39325","qid":"506088","title":"Alpine Linux Security Update for go"},{"cve":"CVE-2023-39325","qid":"6140372","title":"AWS Bottlerocket Security Update for HTTP/2 (GHSA-48vh-q3rp-4grw)"},{"cve":"CVE-2023-39325","qid":"673519","title":"EulerOS Security Update for golang (EulerOS-SA-2023-3270)"},{"cve":"CVE-2023-39325","qid":"673612","title":"EulerOS Security Update for golang (EulerOS-SA-2024-1082)"},{"cve":"CVE-2023-39325","qid":"673963","title":"EulerOS Security Update for golang (EulerOS-SA-2024-1269)"},{"cve":"CVE-2023-39325","qid":"673979","title":"EulerOS Security Update for golang (EulerOS-SA-2023-3299)"},{"cve":"CVE-2023-39325","qid":"673981","title":"EulerOS Security Update for golang (EulerOS-SA-2024-1058)"},{"cve":"CVE-2023-39325","qid":"673988","title":"EulerOS Security Update for golang (EulerOS-SA-2023-3331)"},{"cve":"CVE-2023-39325","qid":"674107","title":"EulerOS Security Update for golang (EulerOS-SA-2023-3242)"},{"cve":"CVE-2023-39325","qid":"691327","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for traefik (7a1b2624-6a89-11ee-af06-5404a68ad561)"},{"cve":"CVE-2023-39325","qid":"710791","title":"Gentoo Linux Go Multiple Vulnerabilities (GLSA 202311-09)"},{"cve":"CVE-2023-39325","qid":"755088","title":"SUSE Enterprise Linux Security Update for go1.21 (SUSE-SU-2023:4069-1)"},{"cve":"CVE-2023-39325","qid":"755089","title":"SUSE Enterprise Linux Security Update for go1.20 (SUSE-SU-2023:4068-1)"},{"cve":"CVE-2023-39325","qid":"755272","title":"SUSE Enterprise Linux Security Update for go1.20-openssl (SUSE-SU-2023:4472-1)"},{"cve":"CVE-2023-39325","qid":"755275","title":"SUSE Enterprise Linux Security Update for go1.21-openssl (SUSE-SU-2023:4469-1)"},{"cve":"CVE-2023-39325","qid":"770208","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:5675)"},{"cve":"CVE-2023-39325","qid":"770209","title":"Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:5679)"},{"cve":"CVE-2023-39325","qid":"770210","title":"Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2023:5717)"},{"cve":"CVE-2023-39325","qid":"770213","title":"Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:5009)"},{"cve":"CVE-2023-39325","qid":"770214","title":"Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6840)"},{"cve":"CVE-2023-39325","qid":"770234","title":"Red Hat OpenShift Container Platform 4.15 Security Update (RHSA-2023:7201)"},{"cve":"CVE-2023-39325","qid":"907488","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cert-manager (31639-1)"},{"cve":"CVE-2023-39325","qid":"907491","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for golang (31310-1)"},{"cve":"CVE-2023-39325","qid":"907493","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for opa (31648-1)"},{"cve":"CVE-2023-39325","qid":"907494","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (31646-1)"},{"cve":"CVE-2023-39325","qid":"907495","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for skopeo (31660-1)"},{"cve":"CVE-2023-39325","qid":"907497","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd-cc (31647-1)"},{"cve":"CVE-2023-39325","qid":"907501","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for coredns (31691-1)"},{"cve":"CVE-2023-39325","qid":"907504","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for etcd (31692-1)"},{"cve":"CVE-2023-39325","qid":"907505","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cri-tools (31609-1)"},{"cve":"CVE-2023-39325","qid":"907507","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-compose (31645-1)"},{"cve":"CVE-2023-39325","qid":"907514","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for telegraf (31616-1)"},{"cve":"CVE-2023-39325","qid":"907516","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for vitess (31655-1)"},{"cve":"CVE-2023-39325","qid":"907604","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for multus (31859-1)"},{"cve":"CVE-2023-39325","qid":"907606","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for blobfuse2 (31608-1)"},{"cve":"CVE-2023-39325","qid":"907619","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kured (31857-1)"},{"cve":"CVE-2023-39325","qid":"907823","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for golang (31310-2)"},{"cve":"CVE-2023-39325","qid":"907875","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for coredns (31691-2)"},{"cve":"CVE-2023-39325","qid":"907877","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd-cc (31647-2)"},{"cve":"CVE-2023-39325","qid":"907908","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-compose (31645-2)"},{"cve":"CVE-2023-39325","qid":"907920","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for vitess (31655-2)"},{"cve":"CVE-2023-39325","qid":"907921","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for packer (33330-1)"},{"cve":"CVE-2023-39325","qid":"941296","title":"AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2023:5721)"},{"cve":"CVE-2023-39325","qid":"941298","title":"AlmaLinux Security Update for go-toolset and golang (ALSA-2023:5738)"},{"cve":"CVE-2023-39325","qid":"941308","title":"AlmaLinux Security Update for grafana (ALSA-2023:5863)"},{"cve":"CVE-2023-39325","qid":"941310","title":"AlmaLinux Security Update for grafana (ALSA-2023:5867)"},{"cve":"CVE-2023-39325","qid":"941329","title":"AlmaLinux Security Update for toolbox (ALSA-2023:6077)"},{"cve":"CVE-2023-39325","qid":"961056","title":"Rocky Linux Security Update for grafana (RLSA-2023:5863)"},{"cve":"CVE-2023-39325","qid":"961058","title":"Rocky Linux Security Update for go-toolset and golang (RLSA-2023:5738)"},{"cve":"CVE-2023-39325","qid":"961063","title":"Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2023:5721)"},{"cve":"CVE-2023-39325","qid":"961065","title":"Rocky Linux Security Update for Satellite (RLSA-2023:6818)"},{"cve":"CVE-2023-39325","qid":"961071","title":"Rocky Linux Security Update for toolbox (RLSA-2023:6077)"},{"cve":"CVE-2023-39325","qid":"995566","title":"GO (Go) Security Update for golang.org/x/net (GHSA-4374-p667-p6c8)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-39325","ASSIGNER":"security@golang.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400: Uncontrolled Resource Consumption"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Go standard library","product":{"product_data":[{"product_name":"net/http","version":{"version_data":[{"version_affected":"<","version_name":"0","version_value":"1.20.10"},{"version_affected":"<","version_name":"1.21.0-0","version_value":"1.21.3"}]}}]}},{"vendor_name":"golang.org/x/net","product":{"product_data":[{"product_name":"golang.org/x/net/http2","version":{"version_data":[{"version_affected":"<","version_name":"0","version_value":"0.17.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://go.dev/issue/63417","refsource":"MISC","name":"https://go.dev/issue/63417"},{"url":"https://go.dev/cl/534215","refsource":"MISC","name":"https://go.dev/cl/534215"},{"url":"https://go.dev/cl/534235","refsource":"MISC","name":"https://go.dev/cl/534235"},{"url":"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ","refsource":"MISC","name":"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"},{"url":"https://pkg.go.dev/vuln/GO-2023-2102","refsource":"MISC","name":"https://pkg.go.dev/vuln/GO-2023-2102"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"}]}},"nvd":{"publishedDate":"2023-10-11 22:15:00","lastModifiedDate":"2024-03-10 04:15:00","problem_types":["CWE-770"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*","versionEndExcluding":"0.17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.21.0","versionEndExcluding":"1.21.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.20.0","versionEndExcluding":"1.20.10","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:astra_trident_autosupport:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}