Early Access — Mondoo Vulnerability Intelligence is currently in preview.

UBUNTU-CVE-2022-41723

HIGH7.5

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Published Feb 28, 2023

Modified 7 months ago

Fix available

Details

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Affected Packages

Ubuntu:Pro:18.04:LTSgolang-1.10

Affected versions:

1.10-1ubuntu11.10.1-1ubuntu21.10.4-2ubuntu1~18.04.11.10.4-2ubuntu1~18.04.21.10~rc1-11.10~rc1-1ubuntu11.10~rc1-2ubuntu11.10~rc2-1ubuntu1

Ubuntu:Pro:16.04:LTSgolang-1.10

Affected versions:

1.10.4-2ubuntu1~16.04.11.10.4-2ubuntu1~16.04.2

Ubuntu:18.04:LTSgolang-1.10

Affected versions:

1.10-1ubuntu11.10.1-1ubuntu21.10.4-2ubuntu1~18.04.11.10.4-2ubuntu1~18.04.21.10~rc1-11.10~rc1-1ubuntu11.10~rc1-2ubuntu11.10~rc2-1ubuntu1

Ubuntu:16.04:LTSgolang-1.10

Affected versions:

1.10.4-2ubuntu1~16.04.11.10.4-2ubuntu1~16.04.2

Ubuntu:14.04:LTSgolang-1.10

Affected versions:

1.10.4-2ubuntu1~14.04.1

Ubuntu:Pro:14.04:LTSgolang-1.10

Affected versions:

1.10.4-2ubuntu1~14.04.1

Ubuntu:22.04:LTSgolang-1.13

Affected versions:

1.13.8-1ubuntu21.13.8-1ubuntu2.22.04.11.13.8-1ubuntu2.22.04.2

Ubuntu:Pro:20.04:LTSgolang-1.13

Affected versions:

1.13.1-1ubuntu11.13.3-1ubuntu11.13.4-1ubuntu11.13.5-1ubuntu11.13.6-1ubuntu11.13.6-2ubuntu11.13.7-1ubuntu11.13.8-1ubuntu11.13.8-1ubuntu1.11.13.8-1ubuntu1.2

Ubuntu:Pro:16.04:LTSgolang-1.13

Affected versions:

1.13.8-1ubuntu1~16.04.21.13.8-1ubuntu1~16.04.31.13.8-1ubuntu1~16.04.3+esm21.13.8-1ubuntu1~16.04.3+esm3

Ubuntu:Pro:18.04:LTSgolang-1.13

Affected versions:

1.13.8-1ubuntu1~18.04.21.13.8-1ubuntu1~18.04.31.13.8-1ubuntu1~18.04.41.13.8-1ubuntu1~18.04.4+esm1

Ubuntu:Pro:20.04:LTSgolang-1.14

Affected versions:

1.14-11.14.1-11.14.2-11.14.2-1ubuntu11.14.3-2ubuntu2~20.04.11.14.3-2ubuntu2~20.04.21.14~beta1-11.14~beta1-21.14~rc1-1

Ubuntu:Pro:18.04:LTSgolang-1.16

Affected versions:

1.16.2-0ubuntu1~18.04.21.16.2-0ubuntu1~18.04.2+esm1

Ubuntu:Pro:20.04:LTSgolang-1.16

Affected versions:

1.16.2-0ubuntu1~20.041.16.2-0ubuntu1~20.04.11.16.2-0ubuntu1~20.04.1+esm1

Ubuntu:22.04:LTSgolang-1.17

Affected versions:

1.17-1ubuntu21.17.13-3ubuntu11.17.13-3ubuntu1.21.17.3-1ubuntu11.17.3-1ubuntu2

Fixed in:

1.17.13-3ubuntu1.3

Ubuntu:20.04:LTSgolang-1.18

Affected versions:

1.18.1-1ubuntu1~20.04.11.18.1-1ubuntu1~20.04.2

Fixed in:

1.18.1-1ubuntu1~20.04.3

Ubuntu:22.04:LTSgolang-1.18

Affected versions:

1.18-1ubuntu11.18.1-1ubuntu11.18.1-1ubuntu1.11.18~beta1-0ubuntu11.18~beta2-1ubuntu11.18~beta2-1ubuntu21.18~rc1-1ubuntu1

Fixed in:

1.18.1-1ubuntu1.2

Ubuntu:Pro:16.04:LTSgolang-1.18

Affected versions:

1.18.1-1ubuntu1~16.04.6

Fixed in:

1.18.1-1ubuntu1~16.04.6+esm1

Ubuntu:Pro:18.04:LTSgolang-1.18

Affected versions:

1.18.1-1ubuntu1~18.04.31.18.1-1ubuntu1~18.04.4

Fixed in:

1.18.1-1ubuntu1~18.04.4+esm1

Ubuntu:Pro:16.04:LTSgolang-1.6

Affected versions:

1.6-0ubuntu11.6-0ubuntu21.6-0ubuntu31.6-0ubuntu41.6-0ubuntu51.6.1-0ubuntu11.6.2-0ubuntu5~16.041.6.2-0ubuntu5~16.04.21.6.2-0ubuntu5~16.04.31.6.2-0ubuntu5~16.04.4

Ubuntu:Pro:18.04:LTSgolang-1.8

Affected versions:

1.8.3-2ubuntu11.8.3-2ubuntu1.18.04.1

Ubuntu:Pro:18.04:LTSgolang-1.9

Affected versions:

1.9.1-2ubuntu11.9.2-1ubuntu11.9.2-3ubuntu11.9.3-1ubuntu11.9.4-1ubuntu1

Ubuntu:22.04:LTSgolang-golang-x-net

Affected versions:

1:0.0+git20210119.5f4716e+dfsg-41:0.0+git20210805.aaa1db6+dfsg-11:0.0+git20211209.491a49a+dfsg-1

Ubuntu:20.04:LTSgoogle-guest-agent

Affected versions:

20201217.02-0ubuntu1~20.04.020210414.00-0ubuntu1~20.04.020210629.00-0ubuntu1~20.04.020220622.00-0ubuntu2~20.04.020220622.00-0ubuntu2~20.04.220230426.00-0ubuntu2~20.04.020231004.02-0ubuntu1~20.04.120231004.02-0ubuntu1~20.04.2

Fixed in:

20231004.02-0ubuntu1~20.04.3

Ubuntu:Pro:18.04:LTSgoogle-guest-agent

Affected versions:

20201217.02-0ubuntu1~18.04.020210414.00-0ubuntu1~18.04.020210629.00-0ubuntu1~18.04.120220622.00-0ubuntu2~18.04.020220622.00-0ubuntu2~18.04.120230426.00-0ubuntu2~18.04.020231004.02-0ubuntu1~18.04.220231004.02-0ubuntu1~18.04.320240716.00-0ubuntu1~18.04.020241011.01-0ubuntu1~18.04.0

Ubuntu:Pro:16.04:LTSgoogle-guest-agent

Affected versions:

20201217.02-0ubuntu1~16.04.020230426.00-0ubuntu2~16.04.320231004.02-0ubuntu1~16.04.120231004.02-0ubuntu1~16.04.220240716.00-0ubuntu1~16.04.0

Ubuntu:22.04:LTSgoogle-guest-agent

Affected versions:

20210629.00-0ubuntu120210629.00-0ubuntu220220104.00-0ubuntu120220104.00-0ubuntu220220622.00-0ubuntu2~22.04.020220622.00-0ubuntu2~22.04.120230426.00-0ubuntu2~22.04.020231004.02-0ubuntu1~22.04.120231004.02-0ubuntu1~22.04.2

Fixed in:

20231004.02-0ubuntu1~22.04.3

References

REPORThttps://groups.google.com/g/golang-announce/c/V0aBFqaFs_E REPORThttps://ubuntu.com/security/CVE-2022-41723 REPORThttps://ubuntu.com/security/notices/USN-7109-1 REPORThttps://ubuntu.com/security/notices/USN-7111-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2022-41723

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-41723 USN-7109-1 USN-7111-1

Ecosystems

Ubuntu Pro 18.04 LTS Ubuntu Pro 16.04 LTS Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu Pro 14.04 LTS Ubuntu 22.04 LTS Ubuntu Pro 20.04 LTS Ubuntu 20.04 LTS

Timeline

PublishedFeb 28, 2023

ModifiedJun 3, 2025

UBUNTU-CVE-2022-41723 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2022-41723

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline