Skip to main content

CVE-2022-41723

CVE Details

Visit the official vulnerability details page for CVE-2022-41723 to learn more.

Initial Publication

10/25/2024

Last Update

10/25/2024

Third Party Dependency

golang.org/x/net

NIST CVE Summary

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

CVE Severity

7.5

Our Official Summary

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

This vulnerability is reported on a few third party images. Since these components do not serve HTTP, impact is low. Since the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated low.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.11ImpactedImpactedImpactedImpacted
4.5.10ImpactedImpactedImpactedImpacted
4.5.8ImpactedImpactedImpactedImpacted
4.5.5ImpactedImpactedImpactedImpacted
4.5.4ImpactedImpactedImpactedImpacted
4.4.20ImpactedImpactedImpactedImpacted

Revision History

DateRevision
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/13/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5