
CVE-2022-41723: golang.org/x/net vulnerable to Uncontrolled Resource Consumption

CVSS Score: 7.5

Basic Information

EPSS Score: -
Published: 2/17/2023
Updated: 5/20/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name: golang.org/x/net
Ecosystem: go
Vulnerable Versions: < 0.7.0
First Patched Version: 0.7.0
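The affected range above is the one thing a defender can check mechanically: whether a build pins golang.org/x/net below the first patched version. The following Go program is an added example and not part of the Miggo page or the golang.org/x/net project; it parses a constructed go.mod (the module name example.com/service and its versions are made up for the demo), finds the require line for golang.org/x/net and compares it against v0.7.0. The version parser also accepts Go pseudo-versions (v0.0.0-<timestamp>-<hash>), which all sort below v0.7.0 and are therefore flagged.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample go.mod (not taken from the advisory); the
// golang.org/x/net version is deliberately inside the vulnerable range.
const sampleGoMod = `module example.com/service

go 1.20

require (
	golang.org/x/net v0.5.0
	golang.org/x/text v0.7.0
)
`

// Advisory data from the page: affected module and first patched version.
const affectedModule = "golang.org/x/net"
const firstPatched = "v0.7.0"

// parseSemver turns "vMAJOR.MINOR.PATCH" into numeric components. Any
// "-prerelease" or "+build" suffix (including the timestamp/hash part of a
// Go pseudo-version) is dropped, since the numeric prefix decides ordering
// against a plain release version such as v0.7.0.
func parseSemver(v string) ([3]int, bool) {
	var out [3]int
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return out, false
		}
		out[i] = n
	}
	return out, true
}

// compareSemver returns -1, 0 or 1 for a < b, a == b, a > b.
func compareSemver(a, b [3]int) int {
	for i := 0; i < 3; i++ {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// requiredVersion scans go.mod text for the require directive of module
// (single-line "require x vN" or the block form) and returns its version.
// A trailing "// indirect" marker does not affect the result. The same
// "<module> <version>" shape is what `go list -m all` prints, so the
// function can be pointed at that output too.
func requiredVersion(goMod, module string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		line = strings.TrimPrefix(line, "require ")
		fields := strings.Fields(line)
		if len(fields) >= 2 && fields[0] == module {
			return fields[1], true
		}
	}
	return "", false
}

// IsVulnerable reports whether goMod pins golang.org/x/net below v0.7.0.
// It returns the version found (empty if the module is not required).
func IsVulnerable(goMod string) (bool, string, error) {
	ver, ok := requiredVersion(goMod, affectedModule)
	if !ok {
		return false, "", nil // not a dependency at all
	}
	have, ok := parseSemver(ver)
	if !ok {
		return false, ver, fmt.Errorf("unparseable version %q for %s", ver, affectedModule)
	}
	want, _ := parseSemver(firstPatched)
	return compareSemver(have, want) < 0, ver, nil
}

func main() {
	vuln, ver, err := IsVulnerable(sampleGoMod)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%s %s: vulnerable to CVE-2022-41723 = %v (first patched %s)\n",
		affectedModule, ver, vuln, firstPatched)
}
```

One caveat worth keeping in mind: the version in go.mod is a lower bound, not necessarily the version that ends up in the binary, because minimal version selection may pick a higher one required by another dependency. For the resolved version run `go list -m golang.org/x/net` (or `go version -m` on the built binary) and feed that line to the same check.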

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerable functions were identified based on the GO-2023-1571 vulnerability report from vuln.go.dev, which explicitly lists the affected symbols within the golang.org/x/net/http2/hpack package. The vulnerability description points to excessive CPU consumption in the HPACK decoder. The listed functions are all methods of the HPACK Decoder and are directly involved in processing and parsing the HTTP/2 stream, making them the locus of the uncontrolled resource consumption. Attempts to fetch direct commit diffs were unsuccessful, so the analysis relies on the trusted vulnerability database information. The file_path is set to the package path as the exact file names were not available from the provided information, but the symbols clearly indicate the package.

Vulnerable functions

Only Miggo users can see this section.

WAF Protection Rules

WAF Rule

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
