CVE-2022-41723
Public on 2023-02-17
Modified on 2024-04-06
Description
http2/hpack: avoid quadratic complexity in hpack decoding
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Docker Extra | amazon-ecr-credential-helper | 2023-08-31 | ALAS2DOCKER-2023-030 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | amazon-ecr-credential-helper | 2023-08-31 | ALAS2NITRO-ENCLAVES-2023-029 | Fixed |
| Amazon Linux 2023 | amazon-ecr-credential-helper | 2023-08-31 | ALAS2023-2023-337 | Fixed |
| Amazon Linux 1 | amazon-ssm-agent | 2023-08-30 | ALAS-2023-1825 | Fixed |
| Amazon Linux 1 | amazon-ssm-agent | 2023-10-12 | ALAS-2023-1866 | Fixed |
| Amazon Linux 2 - Core | amazon-ssm-agent | 2023-08-31 | ALAS2-2023-2238 | Fixed |
| Amazon Linux 2 - Core | amazon-ssm-agent | 2023-10-12 | ALAS2-2023-2303 | Fixed |
| Amazon Linux 2023 | amazon-ssm-agent | 2023-08-31 | ALAS2023-2023-339 | Fixed |
| Amazon Linux 2023 | amazon-ssm-agent | 2023-10-12 | ALAS2023-2023-388 | Fixed |
| Amazon Linux 2 - Core | cni-plugins | 2023-08-03 | ALAS2-2023-2192 | Fixed |
| Amazon Linux 2023 | cni-plugins | 2023-08-31 | ALAS2023-2023-338 | Fixed |
| Amazon Linux 1 | containerd | 2023-09-27 | ALAS-2023-1849 | Fixed |
| Amazon Linux 2 - Ecs Extra | containerd | Fixed | ||
| Amazon Linux 2 - Docker Extra | containerd | 2023-08-17 | ALAS2DOCKER-2023-029 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2023-08-03 | ALAS2NITRO-ENCLAVES-2023-026 | Fixed |
| Amazon Linux 2 - Core | cri-tools | 2023-08-03 | ALAS2-2023-2194 | Fixed |
| Amazon Linux 1 | docker | 2023-10-30 | ALAS-2023-1881 | Fixed |
| Amazon Linux 2 - Docker Extra | docker | 2023-10-18 | ALAS2DOCKER-2023-031 | Fixed |
| Amazon Linux 2 - Ecs Extra | docker | 2023-10-31 | ALAS2ECS-2023-019 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-030 | Fixed |
| Amazon Linux 2023 | docker | 2023-07-17 | ALAS2023-2023-260 | Fixed |
| Amazon Linux 2023 | ecs-init | 2024-05-09 | ALAS2023-2024-620 | Fixed |
| Amazon Linux 1 | golang | 2023-04-13 | ALAS-2023-1731 | Fixed |
| Amazon Linux 2 - Core | golang | 2023-04-13 | ALAS2-2023-2015 | Fixed |
| Amazon Linux 2 - Golang1.19 Extra | golang | 2023-08-07 | ALAS2GOLANG1.19-2023-002 | Fixed |
| Amazon Linux 2023 | golang | 2023-03-20 | ALAS2023-2023-142 | Fixed |
| Amazon Linux 2 - Core | nerdctl | 2023-08-03 | ALAS2-2023-2193 | Fixed |
| Amazon Linux 2023 | nerdctl | 2023-08-17 | ALAS2023-2023-313 | Fixed |
| Amazon Linux 2 - Core | rclone | 2023-07-17 | ALAS2-2023-2143 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |