Published: 06/12/2023 Updated: 20/01/2024

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. (CVE-2023-39326) Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. (CVE-2023-3978) OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an malicious user to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it. (CVE-2023-45142)

Vulnerable Product	Search on Vulmon	Subscribe to Product
golang go

Synopsis Important: Red Hat build of Cryostat security update Type/Severity Security Advisory: Important Topic An update is now available for the Red Hat build of Cryostat 2 on RHEL 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a ...

Synopsis Moderate: Logging Subsystem 5711 - Red Hat OpenShift Type/Severity Security Advisory: Moderate Topic Logging Subsystem 5711 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...

Synopsis Important: container-tools:40 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the container-tools:40 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security ...

Synopsis Moderate: Logging 5616 - Red Hat OpenShift Type/Severity Security Advisory: Moderate Topic Logging 5616 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each v ...

Synopsis Moderate: Logging Subsystem 583 - Red Hat OpenShift Type/Severity Security Advisory: Moderate Topic Logging Subsystem 583 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is av ...

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of ...

DescriptionA flaw was found in the Golang net/http/internal package This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS)A flaw was found in the G ...

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023 (CVE-2023-39325) A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from ...

NVD-CWE-noinfo https://go.dev/issue/64433 https://go.dev/cl/547335 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ https://pkg.go.dev/vuln/GO-2023-2382 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2024:0530 https://alas.aws.amazon.com/ALAS-2024-1903.html https://alas.aws.amazon.com/AL2/ALAS-2024-2446.html

Get Started

CVE-2023-39326

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect