x/vulndb: potential Go vuln in golang.org/x/net: GHSA-4374-p667-p6c8 #2111

GoVulnBot · 2023-10-11T21:01:22Z

In GitHub Security Advisory GHSA-4374-p667-p6c8, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
golang.org/x/net	0.17.0	< 0.17.0

Cross references:

Module golang.org/x/net appears in issue dummy issue #14
Module golang.org/x/net appears in issue dummy issue #78
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in Go Standard Library (package not identified): CVE-2021-33194 #238
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in golang.org/x/net: CVE-2018-17142 #192
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in golang.org/x/net: CVE-2018-17143 #193
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in "Go Standard Library (package not identified)": CVE-2018-17847 #197
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in Go Standard Library (package not identified): CVE-2021-31525 #236
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in std: CVE-2021-44716 #288
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in std: CVE-2019-9512, CVE-2019-9514 #536
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in std: CVE-2022-27664 #969
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in std: CVE-2022-41717 #1144
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in golang.org/x/net/http2/h2c: CVE-2022-41721 #1495
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in net/http: CVE-2022-41723 #1571
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in golang.org/x/net/html: CVE-2023-3978 #1988
CVE-2023-39325 appears in issue x/vulndb: potential Go vuln in net/http: CVE-2023-39325 #2102
Module golang.org/x/net appears in issue x/vulndb: potential Go vuln in net/http: CVE-2023-39325 #2102

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: golang.org/x/net
      versions:
        - fixed: 0.17.0
      vulnerable_at: 0.16.0
      packages:
        - package: golang.org/x/net
summary: HTTP/2 rapid reset can cause excessive work in net/http
cves:
    - CVE-2023-39325
ghsas:
    - GHSA-4374-p667-p6c8
references:
    - report: https://go.dev/issue/63417
    - fix: https://go.dev/cl/534215
    - fix: https://go.dev/cl/534235
    - report: https://go.dev/issue/63417
    - web: https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ
    - advisory: https://github.com/advisories/GHSA-4374-p667-p6c8

The text was updated successfully, but these errors were encountered:

jba · 2023-10-13T12:24:53Z

Duplicate of #2102

jba self-assigned this Oct 13, 2023

jba added the duplicate label Oct 13, 2023

jba marked this as a duplicate of #2102 Oct 13, 2023

tatianab closed this as completed Oct 24, 2023

jnyi mentioned this issue Dec 5, 2024

[ES-1318644] m3 security patch databricks/m3#94

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in golang.org/x/net: GHSA-4374-p667-p6c8 #2111

x/vulndb: potential Go vuln in golang.org/x/net: GHSA-4374-p667-p6c8 #2111

GoVulnBot commented Oct 11, 2023

jba commented Oct 13, 2023

x/vulndb: potential Go vuln in golang.org/x/net: GHSA-4374-p667-p6c8 #2111

x/vulndb: potential Go vuln in golang.org/x/net: GHSA-4374-p667-p6c8 #2111

Comments

GoVulnBot commented Oct 11, 2023

jba commented Oct 13, 2023