OESA-2023-1080

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1080

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1080.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1080

Upstream

CVE-2022-41717

Published

2023-02-10T11:04:53Z

Modified

2025-08-12T05:15:13.444782Z

Summary

golang security update

Details

The Go Programming Language

Security Fix(es):

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.(CVE-2022-41717)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS-SP1 / golang

Package

Name: golang
Purl: pkg:rpm/openEuler/golang&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.3-14.oe2203sp1

Ecosystem specific

{
    "src": [
        "golang-1.17.3-14.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "golang-help-1.17.3-14.oe2203sp1.noarch.rpm",
        "golang-devel-1.17.3-14.oe2203sp1.noarch.rpm"
    ],
    "aarch64": [
        "golang-1.17.3-14.oe2203sp1.aarch64.rpm"
    ],
    "x86_64": [
        "golang-1.17.3-14.oe2203sp1.x86_64.rpm"
    ]
}