CVE-2021-44716
published 2022-01-01

CVE-2021-44716: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

Priority P3 40 | high | 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 3.96% (89.1th percentile)

Affected

36 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | golang-1.15 | < golang-1.15 1.15.15-1~deb11u2 (bullseye) | golang-1.15 1.15.15-1~deb11u2 (bullseye) |
| debian | golang-golang-x-net | < golang-1.15 1.15.15-1~deb11u2 (bullseye) | golang-1.15 1.15.15-1~deb11u2 (bullseye) |
| github.com | spiffe_spire | >= 0 < 1.0.3 | 1.0.3 |
| github.com | spiffe_spire | >= 1.1.0 < 1.1.3 | 1.1.3 |
| golang.org | x_net | >= 0 < 0.0.0-20211209124913-491a49abca63 | 0.0.0-20211209124913-491a49abca63 |
| golang.org | x_net_http2 | >= 0 < 0.0.0-20211209124913-491a49abca63 | 0.0.0-20211209124913-491a49abca63 |
| golang | go | < 1.16.12 | 1.16.12 |
| golang | go | >= 1.17.0 < 1.17.5 | 1.17.5 |
| msrc | azl3_keda_2.14.0-1 | | |
| msrc | azl3_keda_2.4.0-15 | | |
| msrc | azl3_moby-engine_20.10.25-3 | | |
| msrc | azl3_moby-engine_25.0.3-1 | | |
| msrc | azl3_multus_3.8-13 | | |
| msrc | azl3_multus_4.0.2-1 | | |
| msrc | azl3_node-problem-detector_0.8.10-18 | | |
| msrc | azl3_node-problem-detector_0.8.15-1 | | |
| msrc | azl3_prometheus-process-exporter_0.7.10-15 | | |
| msrc | azl3_prometheus-process-exporter_0.8.2-1 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_application-gateway-kubernetes-ingress_1.4.0-19 | | |
| msrc | cbl2_application-gateway-kubernetes-ingress_1.4.0-25 | | |
| msrc | cbl2_cf-cli_8.4.0-16 | | |
| msrc | cbl2_cf-cli_8.4.0-24 | | |

CVSS provenance

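| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| ghsa | | 7.5 | HIGH | |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |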