vulnerability

SUSE: CVE-2023-45288: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	04/04/2024	04/08/2024	02/18/2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

04/04/2024

Added

04/08/2024

Modified

02/18/2025

Description

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

Solution(s)

suse-upgrade-containerdsuse-upgrade-containerd-ctrsuse-upgrade-containerd-develsuse-upgrade-go1-21suse-upgrade-go1-21-docsuse-upgrade-go1-21-racesuse-upgrade-go1-22suse-upgrade-go1-22-docsuse-upgrade-go1-22-race

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today