net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf | |
https://groups.google.com/g/golang-announce/c/hcmEScgc00k | Mailing List Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html | |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220121-0002/ | Third Party Advisory |
Configurations
History
20 Apr 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Nov 2022, 21:51
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Feb 2022, 15:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220121-0002/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html - Mailing List, Third Party Advisory |
22 Jan 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jan 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jan 2022, 13:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | |
CWE | CWE-400 | |
References | (CONFIRM) https://groups.google.com/g/golang-announce/c/hcmEScgc00k - Mailing List, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
01 Jan 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-01 05:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-44716
Mitre link : CVE-2021-44716
CVE.ORG link : CVE-2021-44716
JSON object : View
Products Affected
netapp
- cloud_insights_telegraf
debian
- debian_linux
golang
- go
CWE
CWE-400
Uncontrolled Resource Consumption