gsd-2023-45288
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-45288",
"id": "GSD-2023-45288"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-45288"
],
"details": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"id": "GSD-2023-45288",
"modified": "2023-12-13T01:20:38.271432Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@golang.org",
"ID": "CVE-2023-45288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "net/http",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "1.21.9"
},
{
"version_affected": "\u003c",
"version_name": "1.22.0-0",
"version_value": "1.22.2"
}
]
}
}
]
},
"vendor_name": "Go standard library"
},
{
"product": {
"product_data": [
{
"product_name": "golang.org/x/net/http2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "0.23.0"
}
]
}
}
]
},
"vendor_name": "golang.org/x/net"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Bartek Nowotarski (https://nowotarski.info/)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://go.dev/issue/65051",
"refsource": "MISC",
"url": "https://go.dev/issue/65051"
},
{
"name": "https://go.dev/cl/576155",
"refsource": "MISC",
"url": "https://go.dev/cl/576155"
},
{
"name": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M"
},
{
"name": "https://pkg.go.dev/vuln/GO-2024-2687",
"refsource": "MISC",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"name": "https://security.netapp.com/advisory/ntap-20240419-0009/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20240419-0009/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection."
},
{
"lang": "es",
"value": "Un atacante puede hacer que un endpoint HTTP/2 lea cantidades arbitrarias de datos de encabezado enviando una cantidad excesiva de tramas de CONTINUACI\u00d3N. Mantener el estado de HPACK requiere analizar y procesar todos los encabezados y tramas de CONTINUACI\u00d3N en una conexi\u00f3n. Cuando los encabezados de una solicitud exceden MaxHeaderBytes, no se asigna memoria para almacenar los encabezados sobrantes, pero a\u00fan as\u00ed se analizan. Esto permite a un atacante hacer que un endpoint HTTP/2 lea cantidades arbitrarias de datos de encabezado, todos asociados con una solicitud que ser\u00e1 rechazada. Estos encabezados pueden incluir datos codificados por Huffman, cuya decodificaci\u00f3n es significativamente m\u00e1s costosa para el receptor que para el atacante. La soluci\u00f3n establece un l\u00edmite en la cantidad de fotogramas de encabezado excedentes que procesaremos antes de cerrar una conexi\u00f3n."
}
],
"id": "CVE-2023-45288",
"lastModified": "2024-04-25T06:15:52.357",
"metrics": {},
"published": "2024-04-04T21:15:16.113",
"references": [
{
"source": "security@golang.org",
"url": "https://go.dev/cl/576155"
},
{
"source": "security@golang.org",
"url": "https://go.dev/issue/65051"
},
{
"source": "security@golang.org",
"url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M"
},
{
"source": "security@golang.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/"
},
{
"source": "security@golang.org",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"source": "security@golang.org",
"url": "https://security.netapp.com/advisory/ntap-20240419-0009/"
}
],
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
Loading...