CVE-2022-41723

CVE Details

Visit the official vulnerability details page for CVE-2022-41723 to learn more.

Initial Publication

10/25/2024

Last Update

02/01/2026

Third Party Dependency

golang.org/x/net

NIST CVE Summary

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

CVE Severity

7.5

Our Official Summary

This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used.

Status

Ongoing

Affected Products & Versions

Version	Palette Enterprise	Palette Enterprise Airgap	VerteX	VerteX Airgap
4.8.25	⚠️ Impacted	✅ No Impact	⚠️ Impacted	✅ No Impact
4.5.22	⚠️ Impacted	⚠️ Impacted	✅ No Impact	✅ No Impact
4.4.20	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​