
CVE-2023-3978

Published: 02/08/2023 Updated: 07/11/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permits including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. (CVE-2023-39326)

Text nodes not in the HTML namespace are incorrectly rendered literally, causing text which should be escaped to not be. This could lead to an XSS attack. (CVE-2023-3978)

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds the labels `http.user_agent` and `http.method`, which have unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent to it, because the HTTP `User-Agent` header and the HTTP method of a request can easily be set by a malicious user to random, long values. The library internally uses `httpconv.ServerRequest`, which records every value for the HTTP `method` and `User-Agent`. To be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter unknown HTTP methods or User-Agents at the level of a CDN, load balancer, earlier middleware, etc. Version 0.44.0 fixed this issue: the values collected for the attribute `http.request.method` were restricted to a set of well-known values, and other high-cardinality attributes were removed.
As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires careful manual configuration so as not to drop certain requests entirely. For convenient and safe use of this library, it should by default mark non-standard HTTP methods and User-Agents with the label `unknown`, to show that such requests were made without increasing cardinality. In case someone wants to keep the current behavior, the library API should allow enabling it. (CVE-2023-45142)

Vulnerable Product Search on Vulmon

golang networking

Vendor Advisories

Debian Bug report logs - #1043163 golang-golang-x-net: CVE-2023-3978. Package: src:golang-golang-x-net; Maintainer for src:golang-golang-x-net is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 6 Aug 2023 19:33:04 UTC; Severity: important; Tags ...
Synopsis: Important: Cryostat security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available ...
Synopsis: Important: OpenShift Container Platform 4.13.17 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.13.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Ha ...
Synopsis: Moderate: podman security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Red Hat Insights patch analysis: Identify and remediate systems affected by this advisory. Topic: An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated th ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.7.13 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 1.7.13 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Moderate: Red Hat OpenShift Service Mesh Containers for 2.4.5. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Service Mesh 2.4.5 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Synopsis: Important: OpenShift Container Platform 4.14.2 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.14.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Synopsis: Important: OpenShift Container Platform 4.12.48 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Description: The MITRE CVE dictionary describes this issue as: Text nodes not in the HTML namespace are incorrectly rendered literally, causing text which should be escaped to not be. This could lead to an XSS attack ...
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of ...
Text nodes not in the HTML namespace are incorrectly rendered literally, causing text which should be escaped to not be. This could lead to an XSS attack. (CVE-2023-3978) ...
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-39325) Text nodes not in the HTML namespace are incorrectly rendered literally, causing text which should be escaped to not be. This could lead t ...
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-39325) A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from ...

Github Repositories

Golang DDoS CVE POC

Golang DoS CVE proof of concept: HTTPS/2 server with a vulnerable version of golang.org/x/net. The rapid reset attack became known last year, impacting multiple big cloud providers and CDNs, with a record of 201MI RPS. WARNING: Do not use the example without FIXING the version. More on: blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack. Scanner results: