CVE-2022-41723

About vulnerability

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Affected product:

AlmaLinux 9.2 ESU , Grafana , Loki , cloud.google.com/go , cloud.google.com/go/bigquery , cloud.google.com/go/firestore , cuelang.org/go , github.com/Azure/azure-event-hubs-go , github.com/Azure/azure-pipeline-go , github.com/Azure/azure-sdk-for-go/sdk/azcore , github.com/Azure/azure-sdk-for-go/sdk/azidentity , github.com/Azure/azure-sdk-for-go/sdk/internal , github.com/Azure/azure-storage-blob-go , github.com/Joker/hpp , github.com/Shopify/sarama , github.com/apache/arrow/go/arrow , github.com/aws/aws-sdk-go , github.com/aws/aws-sdk-go-v2 , github.com/bketelsen/crypt , github.com/centrifugal/centrifuge , github.com/cortexproject/cortex , github.com/deepmap/oapi-codegen , github.com/dgraph-io/badger , github.com/dhui/dktest , github.com/digitalocean/godo , github.com/ema/qdisc , github.com/getsentry/sentry-go , github.com/gin-gonic/gin , github.com/glinton/ping , github.com/go-kit/kit , github.com/go-openapi/analysis , github.com/go-openapi/jsonreference , github.com/go-openapi/loads , github.com/go-openapi/runtime , github.com/go-openapi/spec , github.com/go-openapi/validate , github.com/gogo/protobuf , github.com/golang-migrate/migrate , github.com/golang/mock , github.com/golang/protobuf , github.com/google/go-github , github.com/grafana/grafana-plugin-sdk-go , github.com/grpc-ecosystem/go-grpc-middleware , github.com/grpc-ecosystem/go-grpc-prometheus , github.com/grpc-ecosystem/grpc-gateway , github.com/hashicorp/consul , github.com/hashicorp/consul/api , github.com/hashicorp/go-discover , github.com/hashicorp/go-plugin , github.com/hashicorp/mdns , github.com/hashicorp/memberlist , github.com/hashicorp/serf , github.com/influxdata/flux , github.com/influxdata/influxdb , github.com/influxdata/influxdb-client-go , github.com/influxdata/telegraf , github.com/iris-contrib/jade , github.com/jaegertracing/jaeger , github.com/jcmturner/gokrb5 , github.com/jcmturner/rpc , github.com/jhump/protoreflect , github.com/jsimonetti/rtnetlink , github.com/kataras/iris , github.com/lightstep/lightstep-tracer-common/golang/gogo , github.com/lightstep/lightstep-tracer-go , github.com/mattn/go-ieproxy , github.com/mdlayher/genetlink , github.com/mdlayher/netlink , github.com/microcosm-cc/bluemonday , github.com/miekg/dns , github.com/minio/minio-go , github.com/onsi/ginkgo , github.com/onsi/gomega , github.com/opentracing-contrib/go-grpc , github.com/openzipkin-contrib/zipkin-go-opentracing , github.com/openzipkin/zipkin-go , github.com/prometheus/alertmanager , github.com/prometheus/client_golang , github.com/prometheus/common , github.com/prometheus/node_exporter , github.com/prometheus/prometheus , github.com/securego/gosec , github.com/soheilhy/cmux , github.com/spf13/cobra , github.com/spf13/viper , github.com/thanos-io/thanos , github.com/valyala/fasthttp , github.com/weaveworks/common , github.com/xanzy/go-gitlab , go.elastic.co/apm/module/apmhttp , go.elastic.co/apm/module/apmot , go.etcd.io/etcd , go.etcd.io/etcd/server , go.opencensus.io , go.opentelemetry.io/collector , golang.org/x/crypto , golang.org/x/mod , golang.org/x/net , golang.org/x/oauth2 , golang.org/x/tools , golang.zx2c4.com/wireguard , golang.zx2c4.com/wireguard/wgctrl , google.golang.org/api , google.golang.org/appengine , google.golang.org/genproto , google.golang.org/grpc , google.golang.org/protobuf , gopkg.in/macaron.v1 , k8s.io/api , k8s.io/apimachinery , k8s.io/client-go , k8s.io/kube-openapi

Affected packages:

toolbox @ 0.0.99.3 (+135 more)

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.