Skip to main content
Version: latest

CVE-2022-41723

CVE Details

Visit the official vulnerability details page for CVE-2022-41723 to learn more.

Initial Publication

11/13/2024

Last Update

12/12/2024

Third Party Dependency

go

NIST CVE Summary

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

CVE Severity

7.5

Our Official Summary

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

This vulnerability is reported on a few third party images. Since these components do not serve HTTP, impact is low. Since the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated low.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.15⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.11⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.10⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.8⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.5⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.4⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.4.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

DateRevision
12/12/2024Official summary revised: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.This vulnerability is reported on a few third party images. Since these components do not serve HTTP, impact is low. Since the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated low.