Vulnerability CVE-2023-45288: Information
Description
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
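The fix described above, modelled as an added Go example that is constructed here and is not the Go project's own net/http or golang.org/x/net/http2 code: one request's header bytes are accounted across its HEADERS and CONTINUATION frames, bytes past MaxHeaderBytes are still consumed (HPACK state must stay in sync) but counted as excess, and the connection is closed once that excess passes a cap (maxExcessBytes is an assumed name; zero models the unpatched, unbounded behaviour).

```go
package main

// Constructed model of the mitigation described above, not the real net/http or
// golang.org/x/net/http2 code. A header block is a HEADERS frame followed by
// CONTINUATION frames; each frame here is just its payload length and END_HEADERS flag.
type frame struct {
	payloadLen int
	endHeaders bool
}

type verdict int

const (
	verdictAccept          verdict = iota // headers fit, request proceeds
	verdictRejectRequest                  // over MaxHeaderBytes: request rejected, connection kept
	verdictCloseConnection                // excess over the cap: stop parsing, close the connection
	verdictProtocolError                  // header block never terminated
)

// headerLimiter accounts for one request's header bytes. maxHeaderBytes mirrors
// MaxHeaderBytes; maxExcessBytes (assumed name) caps how much data past that
// limit is still parsed before the connection is closed. Zero means no cap,
// which reproduces the unbounded parsing the advisory describes.
type headerLimiter struct {
	maxHeaderBytes int
	maxExcessBytes int
}

// processHeaderBlock consumes frames until END_HEADERS. Every frame must still be
// parsed to keep HPACK state in sync, so the defence is to bound the total parsed:
// once the excess passes maxExcessBytes the connection is closed. It returns the
// verdict and the number of header bytes actually parsed.
func (l headerLimiter) processHeaderBlock(frames []frame) (verdict, int) {
	parsed := 0
	for _, f := range frames {
		parsed += f.payloadLen
		excess := parsed - l.maxHeaderBytes
		if l.maxExcessBytes > 0 && excess > l.maxExcessBytes {
			return verdictCloseConnection, parsed
		}
		if f.endHeaders {
			if excess > 0 {
				return verdictRejectRequest, parsed
			}
			return verdictAccept, parsed
		}
	}
	return verdictProtocolError, parsed
}
```

Feeding a long stream of CONTINUATION frames that never sets END_HEADERS shows the difference: with the cap set, bytes parsed stay bounded by MaxHeaderBytes plus the cap; with it zero, they grow with whatever the peer sends.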
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
golang | sisyphus | 1.22.2-alt1 | 1.22.3-alt1 | ALT-PU-2024-5071-1 | 344307 | Fixed |
golang | sisyphus_riscv64 | 1.22.2-alt1 | 1.22.3-alt1 | ALT-PU-2024-5929-1 | - | Fixed |
golang | sisyphus_loongarch64 | 1.22.2-alt1 | 1.22.3-alt1 | ALT-PU-2024-5940-1 | - | Fixed |
golang | p10 | 1.21.8-alt1 | 1.21.10-alt1 | ALT-PU-2024-3504-2 | 342123 | Fixed |
golang | c10f1 | 1.21.8-alt1 | 1.21.10-alt1 | ALT-PU-2024-4847-5 | 343662 | Fixed |
kubernetes1.28 | sisyphus | 1.28.10-alt1 | 1.28.8-alt1 | ALT-PU-2024-8269-2 | 348675 | In work |
traefik | sisyphus | 2.11.2-alt1 | 2.11.3-alt1 | ALT-PU-2024-7595-1 | 347710 | Fixed |
traefik | sisyphus_riscv64 | 2.11.2-alt2 | 2.11.3-alt1 | ALT-PU-2024-7679-1 | - | Fixed |
traefik | sisyphus_loongarch64 | 2.11.2-alt2 | 2.11.3-alt1 | ALT-PU-2024-7629-1 | - | Fixed |