CVE-2022-41725

Public on 2023-02-15
Modified on 2024-04-22
Description
Golang: net/http, mime/multipart: denial of service from excessive resource consumption (https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E)
Severity
Medium severity
Medium
CVSS v3 Base Score
6.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Docker Extra containerd 2023-08-17 ALAS2DOCKER-2023-029 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd 2023-08-03 ALAS2NITRO-ENCLAVES-2023-026 Fixed
Amazon Linux 1 golang 2023-04-13 ALAS-2023-1731 Fixed
Amazon Linux 1 golang 2023-09-27 ALAS-2023-1848 Fixed
Amazon Linux 2 - Core golang 2023-04-13 ALAS2-2023-2015 Fixed
Amazon Linux 2 - Core golang 2023-07-20 ALAS2-2023-2163 Fixed
Amazon Linux 2 - Golang1.19 Extra golang 2023-08-07 ALAS2GOLANG1.19-2023-002 Fixed
Amazon Linux 2023 golang 2023-04-27 ALAS2023-2023-175 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2022-41725 Mitre: CVE-2022-41725