Home > Vulnerability Database > CVE-2022-41721

Mend.io Vulnerability Database

CVE-2022-41721

Good to know:

Date: January 13, 2023

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

Language: Go

Severity Score

7.5

Related Resources (8)

Url: https://pkg.go.dev/vuln/GO-2023-1495

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN/

Url: https://go.dev/cl/447396

Url: https://access.redhat.com/security/cve/CVE-2022-41721

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41721

Url: https://go.dev/issue/56352

Url: https://security-tracker.debian.org/tracker/CVE-2022-41721

Url: https://www.mend.io/vulnerability-database/CVE-2022-41721

Severity Score

7.5

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CWE-444

Top Fix

Upgrade Version

Upgrade to version v0.2.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41721

Good to know:

Date: January 13, 2023

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?