| { |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0", |
| "cveMetadata": { |
| "cveId": "CVE-2023-45288" |
| }, |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc" |
| }, |
| "title": "HTTP/2 CONTINUATION flood in net/http", |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection." |
| } |
| ], |
| "affected": [ |
| { |
| "vendor": "Go standard library", |
| "product": "net/http", |
| "collectionURL": "https://pkg.go.dev", |
| "packageName": "net/http", |
| "versions": [ |
| { |
| "version": "0", |
| "lessThan": "1.21.9", |
| "status": "affected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "1.22.0-0", |
| "lessThan": "1.22.2", |
| "status": "affected", |
| "versionType": "semver" |
| } |
| ], |
| "programRoutines": [ |
| { |
| "name": "http2Framer.readMetaFrame" |
| }, |
| { |
| "name": "CanonicalHeaderKey" |
| }, |
| { |
| "name": "Client.CloseIdleConnections" |
| }, |
| { |
| "name": "Client.Do" |
| }, |
| { |
| "name": "Client.Get" |
| }, |
| { |
| "name": "Client.Head" |
| }, |
| { |
| "name": "Client.Post" |
| }, |
| { |
| "name": "Client.PostForm" |
| }, |
| { |
| "name": "Cookie.String" |
| }, |
| { |
| "name": "Cookie.Valid" |
| }, |
| { |
| "name": "Dir.Open" |
| }, |
| { |
| "name": "Error" |
| }, |
| { |
| "name": "Get" |
| }, |
| { |
| "name": "HandlerFunc.ServeHTTP" |
| }, |
| { |
| "name": "Head" |
| }, |
| { |
| "name": "Header.Add" |
| }, |
| { |
| "name": "Header.Del" |
| }, |
| { |
| "name": "Header.Get" |
| }, |
| { |
| "name": "Header.Set" |
| }, |
| { |
| "name": "Header.Values" |
| }, |
| { |
| "name": "Header.Write" |
| }, |
| { |
| "name": "Header.WriteSubset" |
| }, |
| { |
| "name": "ListenAndServe" |
| }, |
| { |
| "name": "ListenAndServeTLS" |
| }, |
| { |
| "name": "NewRequest" |
| }, |
| { |
| "name": "NewRequestWithContext" |
| }, |
| { |
| "name": "NotFound" |
| }, |
| { |
| "name": "ParseTime" |
| }, |
| { |
| "name": "Post" |
| }, |
| { |
| "name": "PostForm" |
| }, |
| { |
| "name": "ProxyFromEnvironment" |
| }, |
| { |
| "name": "ReadRequest" |
| }, |
| { |
| "name": "ReadResponse" |
| }, |
| { |
| "name": "Redirect" |
| }, |
| { |
| "name": "Request.AddCookie" |
| }, |
| { |
| "name": "Request.BasicAuth" |
| }, |
| { |
| "name": "Request.FormFile" |
| }, |
| { |
| "name": "Request.FormValue" |
| }, |
| { |
| "name": "Request.MultipartReader" |
| }, |
| { |
| "name": "Request.ParseForm" |
| }, |
| { |
| "name": "Request.ParseMultipartForm" |
| }, |
| { |
| "name": "Request.PostFormValue" |
| }, |
| { |
| "name": "Request.Referer" |
| }, |
| { |
| "name": "Request.SetBasicAuth" |
| }, |
| { |
| "name": "Request.UserAgent" |
| }, |
| { |
| "name": "Request.Write" |
| }, |
| { |
| "name": "Request.WriteProxy" |
| }, |
| { |
| "name": "Response.Cookies" |
| }, |
| { |
| "name": "Response.Location" |
| }, |
| { |
| "name": "Response.Write" |
| }, |
| { |
| "name": "ResponseController.EnableFullDuplex" |
| }, |
| { |
| "name": "ResponseController.Flush" |
| }, |
| { |
| "name": "ResponseController.Hijack" |
| }, |
| { |
| "name": "ResponseController.SetReadDeadline" |
| }, |
| { |
| "name": "ResponseController.SetWriteDeadline" |
| }, |
| { |
| "name": "Serve" |
| }, |
| { |
| "name": "ServeContent" |
| }, |
| { |
| "name": "ServeFile" |
| }, |
| { |
| "name": "ServeMux.ServeHTTP" |
| }, |
| { |
| "name": "ServeTLS" |
| }, |
| { |
| "name": "Server.Close" |
| }, |
| { |
| "name": "Server.ListenAndServe" |
| }, |
| { |
| "name": "Server.ListenAndServeTLS" |
| }, |
| { |
| "name": "Server.Serve" |
| }, |
| { |
| "name": "Server.ServeTLS" |
| }, |
| { |
| "name": "Server.SetKeepAlivesEnabled" |
| }, |
| { |
| "name": "Server.Shutdown" |
| }, |
| { |
| "name": "SetCookie" |
| }, |
| { |
| "name": "Transport.CancelRequest" |
| }, |
| { |
| "name": "Transport.Clone" |
| }, |
| { |
| "name": "Transport.CloseIdleConnections" |
| }, |
| { |
| "name": "Transport.RoundTrip" |
| }, |
| { |
| "name": "body.Close" |
| }, |
| { |
| "name": "body.Read" |
| }, |
| { |
| "name": "bodyEOFSignal.Close" |
| }, |
| { |
| "name": "bodyEOFSignal.Read" |
| }, |
| { |
| "name": "bodyLocked.Read" |
| }, |
| { |
| "name": "bufioFlushWriter.Write" |
| }, |
| { |
| "name": "cancelTimerBody.Close" |
| }, |
| { |
| "name": "cancelTimerBody.Read" |
| }, |
| { |
| "name": "checkConnErrorWriter.Write" |
| }, |
| { |
| "name": "chunkWriter.Write" |
| }, |
| { |
| "name": "connReader.Read" |
| }, |
| { |
| "name": "connectMethodKey.String" |
| }, |
| { |
| "name": "expectContinueReader.Close" |
| }, |
| { |
| "name": "expectContinueReader.Read" |
| }, |
| { |
| "name": "extraHeader.Write" |
| }, |
| { |
| "name": "fileHandler.ServeHTTP" |
| }, |
| { |
| "name": "fileTransport.RoundTrip" |
| }, |
| { |
| "name": "globalOptionsHandler.ServeHTTP" |
| }, |
| { |
| "name": "gzipReader.Close" |
| }, |
| { |
| "name": "gzipReader.Read" |
| }, |
| { |
| "name": "http2ClientConn.Close" |
| }, |
| { |
| "name": "http2ClientConn.Ping" |
| }, |
| { |
| "name": "http2ClientConn.RoundTrip" |
| }, |
| { |
| "name": "http2ClientConn.Shutdown" |
| }, |
| { |
| "name": "http2ConnectionError.Error" |
| }, |
| { |
| "name": "http2ErrCode.String" |
| }, |
| { |
| "name": "http2FrameHeader.String" |
| }, |
| { |
| "name": "http2FrameType.String" |
| }, |
| { |
| "name": "http2FrameWriteRequest.String" |
| }, |
| { |
| "name": "http2Framer.ReadFrame" |
| }, |
| { |
| "name": "http2Framer.WriteContinuation" |
| }, |
| { |
| "name": "http2Framer.WriteData" |
| }, |
| { |
| "name": "http2Framer.WriteDataPadded" |
| }, |
| { |
| "name": "http2Framer.WriteGoAway" |
| }, |
| { |
| "name": "http2Framer.WriteHeaders" |
| }, |
| { |
| "name": "http2Framer.WritePing" |
| }, |
| { |
| "name": "http2Framer.WritePriority" |
| }, |
| { |
| "name": "http2Framer.WritePushPromise" |
| }, |
| { |
| "name": "http2Framer.WriteRSTStream" |
| }, |
| { |
| "name": "http2Framer.WriteRawFrame" |
| }, |
| { |
| "name": "http2Framer.WriteSettings" |
| }, |
| { |
| "name": "http2Framer.WriteSettingsAck" |
| }, |
| { |
| "name": "http2Framer.WriteWindowUpdate" |
| }, |
| { |
| "name": "http2GoAwayError.Error" |
| }, |
| { |
| "name": "http2Server.ServeConn" |
| }, |
| { |
| "name": "http2Setting.String" |
| }, |
| { |
| "name": "http2SettingID.String" |
| }, |
| { |
| "name": "http2SettingsFrame.ForeachSetting" |
| }, |
| { |
| "name": "http2StreamError.Error" |
| }, |
| { |
| "name": "http2Transport.CloseIdleConnections" |
| }, |
| { |
| "name": "http2Transport.NewClientConn" |
| }, |
| { |
| "name": "http2Transport.RoundTrip" |
| }, |
| { |
| "name": "http2Transport.RoundTripOpt" |
| }, |
| { |
| "name": "http2bufferedWriter.Flush" |
| }, |
| { |
| "name": "http2bufferedWriter.Write" |
| }, |
| { |
| "name": "http2chunkWriter.Write" |
| }, |
| { |
| "name": "http2clientConnPool.GetClientConn" |
| }, |
| { |
| "name": "http2connError.Error" |
| }, |
| { |
| "name": "http2dataBuffer.Read" |
| }, |
| { |
| "name": "http2duplicatePseudoHeaderError.Error" |
| }, |
| { |
| "name": "http2gzipReader.Close" |
| }, |
| { |
| "name": "http2gzipReader.Read" |
| }, |
| { |
| "name": "http2headerFieldNameError.Error" |
| }, |
| { |
| "name": "http2headerFieldValueError.Error" |
| }, |
| { |
| "name": "http2noDialClientConnPool.GetClientConn" |
| }, |
| { |
| "name": "http2noDialH2RoundTripper.RoundTrip" |
| }, |
| { |
| "name": "http2pipe.Read" |
| }, |
| { |
| "name": "http2priorityWriteScheduler.CloseStream" |
| }, |
| { |
| "name": "http2priorityWriteScheduler.OpenStream" |
| }, |
| { |
| "name": "http2pseudoHeaderError.Error" |
| }, |
| { |
| "name": "http2requestBody.Close" |
| }, |
| { |
| "name": "http2requestBody.Read" |
| }, |
| { |
| "name": "http2responseWriter.Flush" |
| }, |
| { |
| "name": "http2responseWriter.FlushError" |
| }, |
| { |
| "name": "http2responseWriter.Push" |
| }, |
| { |
| "name": "http2responseWriter.SetReadDeadline" |
| }, |
| { |
| "name": "http2responseWriter.SetWriteDeadline" |
| }, |
| { |
| "name": "http2responseWriter.Write" |
| }, |
| { |
| "name": "http2responseWriter.WriteHeader" |
| }, |
| { |
| "name": "http2responseWriter.WriteString" |
| }, |
| { |
| "name": "http2roundRobinWriteScheduler.OpenStream" |
| }, |
| { |
| "name": "http2serverConn.CloseConn" |
| }, |
| { |
| "name": "http2serverConn.Flush" |
| }, |
| { |
| "name": "http2stickyErrWriter.Write" |
| }, |
| { |
| "name": "http2transportResponseBody.Close" |
| }, |
| { |
| "name": "http2transportResponseBody.Read" |
| }, |
| { |
| "name": "http2writeData.String" |
| }, |
| { |
| "name": "initALPNRequest.ServeHTTP" |
| }, |
| { |
| "name": "loggingConn.Close" |
| }, |
| { |
| "name": "loggingConn.Read" |
| }, |
| { |
| "name": "loggingConn.Write" |
| }, |
| { |
| "name": "maxBytesReader.Close" |
| }, |
| { |
| "name": "maxBytesReader.Read" |
| }, |
| { |
| "name": "onceCloseListener.Close" |
| }, |
| { |
| "name": "persistConn.Read" |
| }, |
| { |
| "name": "persistConnWriter.ReadFrom" |
| }, |
| { |
| "name": "persistConnWriter.Write" |
| }, |
| { |
| "name": "populateResponse.Write" |
| }, |
| { |
| "name": "populateResponse.WriteHeader" |
| }, |
| { |
| "name": "readTrackingBody.Close" |
| }, |
| { |
| "name": "readTrackingBody.Read" |
| }, |
| { |
| "name": "readWriteCloserBody.Read" |
| }, |
| { |
| "name": "redirectHandler.ServeHTTP" |
| }, |
| { |
| "name": "response.Flush" |
| }, |
| { |
| "name": "response.FlushError" |
| }, |
| { |
| "name": "response.Hijack" |
| }, |
| { |
| "name": "response.ReadFrom" |
| }, |
| { |
| "name": "response.Write" |
| }, |
| { |
| "name": "response.WriteHeader" |
| }, |
| { |
| "name": "response.WriteString" |
| }, |
| { |
| "name": "serverHandler.ServeHTTP" |
| }, |
| { |
| "name": "socksDialer.DialWithConn" |
| }, |
| { |
| "name": "socksUsernamePassword.Authenticate" |
| }, |
| { |
| "name": "stringWriter.WriteString" |
| }, |
| { |
| "name": "timeoutHandler.ServeHTTP" |
| }, |
| { |
| "name": "timeoutWriter.Write" |
| }, |
| { |
| "name": "timeoutWriter.WriteHeader" |
| }, |
| { |
| "name": "transportReadFromServerError.Error" |
| } |
| ], |
| "defaultStatus": "unaffected" |
| }, |
| { |
| "vendor": "golang.org/x/net", |
| "product": "golang.org/x/net/http2", |
| "collectionURL": "https://pkg.go.dev", |
| "packageName": "golang.org/x/net/http2", |
| "versions": [ |
| { |
| "version": "0", |
| "lessThan": "0.23.0", |
| "status": "affected", |
| "versionType": "semver" |
| } |
| ], |
| "programRoutines": [ |
| { |
| "name": "Framer.readMetaFrame" |
| }, |
| { |
| "name": "ClientConn.Close" |
| }, |
| { |
| "name": "ClientConn.Ping" |
| }, |
| { |
| "name": "ClientConn.RoundTrip" |
| }, |
| { |
| "name": "ClientConn.Shutdown" |
| }, |
| { |
| "name": "ConfigureServer" |
| }, |
| { |
| "name": "ConfigureTransport" |
| }, |
| { |
| "name": "ConfigureTransports" |
| }, |
| { |
| "name": "ConnectionError.Error" |
| }, |
| { |
| "name": "ErrCode.String" |
| }, |
| { |
| "name": "FrameHeader.String" |
| }, |
| { |
| "name": "FrameType.String" |
| }, |
| { |
| "name": "FrameWriteRequest.String" |
| }, |
| { |
| "name": "Framer.ReadFrame" |
| }, |
| { |
| "name": "Framer.WriteContinuation" |
| }, |
| { |
| "name": "Framer.WriteData" |
| }, |
| { |
| "name": "Framer.WriteDataPadded" |
| }, |
| { |
| "name": "Framer.WriteGoAway" |
| }, |
| { |
| "name": "Framer.WriteHeaders" |
| }, |
| { |
| "name": "Framer.WritePing" |
| }, |
| { |
| "name": "Framer.WritePriority" |
| }, |
| { |
| "name": "Framer.WritePushPromise" |
| }, |
| { |
| "name": "Framer.WriteRSTStream" |
| }, |
| { |
| "name": "Framer.WriteRawFrame" |
| }, |
| { |
| "name": "Framer.WriteSettings" |
| }, |
| { |
| "name": "Framer.WriteSettingsAck" |
| }, |
| { |
| "name": "Framer.WriteWindowUpdate" |
| }, |
| { |
| "name": "GoAwayError.Error" |
| }, |
| { |
| "name": "ReadFrameHeader" |
| }, |
| { |
| "name": "Server.ServeConn" |
| }, |
| { |
| "name": "Setting.String" |
| }, |
| { |
| "name": "SettingID.String" |
| }, |
| { |
| "name": "SettingsFrame.ForeachSetting" |
| }, |
| { |
| "name": "StreamError.Error" |
| }, |
| { |
| "name": "Transport.CloseIdleConnections" |
| }, |
| { |
| "name": "Transport.NewClientConn" |
| }, |
| { |
| "name": "Transport.RoundTrip" |
| }, |
| { |
| "name": "Transport.RoundTripOpt" |
| }, |
| { |
| "name": "bufferedWriter.Flush" |
| }, |
| { |
| "name": "bufferedWriter.Write" |
| }, |
| { |
| "name": "chunkWriter.Write" |
| }, |
| { |
| "name": "clientConnPool.GetClientConn" |
| }, |
| { |
| "name": "connError.Error" |
| }, |
| { |
| "name": "dataBuffer.Read" |
| }, |
| { |
| "name": "duplicatePseudoHeaderError.Error" |
| }, |
| { |
| "name": "gzipReader.Close" |
| }, |
| { |
| "name": "gzipReader.Read" |
| }, |
| { |
| "name": "headerFieldNameError.Error" |
| }, |
| { |
| "name": "headerFieldValueError.Error" |
| }, |
| { |
| "name": "noDialClientConnPool.GetClientConn" |
| }, |
| { |
| "name": "noDialH2RoundTripper.RoundTrip" |
| }, |
| { |
| "name": "pipe.Read" |
| }, |
| { |
| "name": "priorityWriteScheduler.CloseStream" |
| }, |
| { |
| "name": "priorityWriteScheduler.OpenStream" |
| }, |
| { |
| "name": "pseudoHeaderError.Error" |
| }, |
| { |
| "name": "requestBody.Close" |
| }, |
| { |
| "name": "requestBody.Read" |
| }, |
| { |
| "name": "responseWriter.Flush" |
| }, |
| { |
| "name": "responseWriter.FlushError" |
| }, |
| { |
| "name": "responseWriter.Push" |
| }, |
| { |
| "name": "responseWriter.SetReadDeadline" |
| }, |
| { |
| "name": "responseWriter.SetWriteDeadline" |
| }, |
| { |
| "name": "responseWriter.Write" |
| }, |
| { |
| "name": "responseWriter.WriteHeader" |
| }, |
| { |
| "name": "responseWriter.WriteString" |
| }, |
| { |
| "name": "roundRobinWriteScheduler.OpenStream" |
| }, |
| { |
| "name": "serverConn.CloseConn" |
| }, |
| { |
| "name": "serverConn.Flush" |
| }, |
| { |
| "name": "stickyErrWriter.Write" |
| }, |
| { |
| "name": "transportResponseBody.Close" |
| }, |
| { |
| "name": "transportResponseBody.Read" |
| }, |
| { |
| "name": "writeData.String" |
| } |
| ], |
| "defaultStatus": "unaffected" |
| } |
| ], |
| "problemTypes": [ |
| { |
| "descriptions": [ |
| { |
| "lang": "en", |
| "description": "CWE-400: Uncontrolled Resource Consumption" |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://go.dev/issue/65051" |
| }, |
| { |
| "url": "https://go.dev/cl/576155" |
| }, |
| { |
| "url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M" |
| }, |
| { |
| "url": "https://pkg.go.dev/vuln/GO-2024-2687" |
| } |
| ], |
| "credits": [ |
| { |
| "lang": "en", |
| "value": "Bartek Nowotarski (https://nowotarski.info/)" |
| } |
| ] |
| } |
| } |
| } |
