Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Red Hat OpenShift: CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
01/01/2022
Created
03/12/2022
Added
03/11/2022
Modified
12/19/2023

Description

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

Solution(s)

  • linuxrpm-upgrade-butane
  • linuxrpm-upgrade-containernetworking-plugins
  • linuxrpm-upgrade-cri-o
  • linuxrpm-upgrade-ignition
  • linuxrpm-upgrade-openshift

References

  • https://attackerkb.com/topics/cve-2021-44716
  • CVE - 2021-44716
  • RHSA-2021:5160
  • RHSA-2021:5176
  • RHSA-2022:0001
  • RHSA-2022:0002
  • RHSA-2022:0055
  • RHSA-2022:0056
  • RHSA-2022:0163
  • RHSA-2022:0237
  • RHSA-2022:0260
  • RHSA-2022:0557
  • RHSA-2022:0585
  • RHSA-2022:0587
  • RHSA-2022:0842
  • RHSA-2022:0855
  • RHSA-2022:0927
  • RHSA-2022:0947
  • RHSA-2022:1051
  • RHSA-2022:1056
  • RHSA-2022:1361
  • RHSA-2022:1372
  • RHSA-2022:1628
  • RHSA-2022:1734
  • RHSA-2022:6526
  • RHSA-2023:0407
  • RHSA-2023:0408
View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;