Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Mageia 8 MGASA-2023-0109 Moderate: Golang Denial of Service Issues

mageia
Calendar Grey March 24, 2023
Dist Mageia Esm H88
Mageia 2023-0109 releases updates for golang libraries addressing critical security flaws that affect CPU performance and service uptime.
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests

Summary

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723) Large handshake records may cause panics in crypto/tls. (CVE-2022-41724) Denial of service from excessive resource consumption in net/http and mime/multipart. (CVE-2022-41725) The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars(CVE-2023-24532)

References

- https://bugs.mageia.org/show_bug.cgi?id=31575

- https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JRXUC3OICW2AVH5PMURCX4EAOCITSPPU/

- https://groups.google.com/g/golang-announce/c/3-TpUx48iQY

- https://lists.suse.com/pipermail/sle-security-updates/2023-March/014037.html

- https://lists.suse.com/pipermail/sle-security-updates/2023-March/014038.html

- https://www.cve.org/CVERecord?id=CVE-2022-41723

- https://www.cve.org/CVERecord?id=CVE-2022-41724

- https://www.cve.org/CVERecord?id=CVE-2022-41725

- https://www.cve.org/CVERecord?id=CVE-2023-24532

Topics%20covered

Topics Covered

security advisory denial of service security fix resource consumption golang CPU usage Mageia

Resolution

SRPMS

- 8/core/golang-1.19.7-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 24 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0109.html
Type: security
CVE: CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24532

Topics%20covered

Topics Covered

security advisory denial of service security fix resource consumption golang CPU usage Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here