Main Vulnerability Database Exploits ID:8669 - Exploit for Allocation of Resources Without Limits or Throttling in Go programming language - CVE-2022-41717

ID:8669 - Exploit for Allocation of Resources Without Limits or Throttling in Go programming language - CVE-2022-41717

Published: December 15, 2022

Vulnerability identifier: #VU70334

Vulnerability risk: Medium

CVE-ID: CVE-2022-41717

CWE-ID: CWE-770

Exploitation vector: Remote access

Vulnerable software:
Go programming language

Link to public exploit:

https://github.com/domdom82/h2conn-exploit

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Remediation

Install updates from vendor's website.

ID:8669 - Exploit for Allocation of Resources Without Limits or Throttling in Go programming language - CVE-2022-41717

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human