AZL-78960

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78960.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-78960

Upstream

CVE-2024-24791

Published

2024-07-02T22:15:04Z

Modified

2026-04-01T05:23:19.957132Z

Summary

CVE-2024-24791 affecting package golang 1.25.7-1

Details

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-24791

Affected packages

Azure Linux:3 / golang

Package

Name: golang
Purl: pkg:rpm/azure-linux/golang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.25.7-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78960.json"