CVE-2022-41723

Public on 2023-02-17
Modified on 2025-03-06
Description
http2/hpack: avoid quadratic complexity in hpack decoding
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Docker Extra amazon-ecr-credential-helper 2023-09-06 ALAS2DOCKER-2023-030 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra amazon-ecr-credential-helper 2023-09-06 ALAS2NITRO-ENCLAVES-2023-029 Fixed
Amazon Linux 2023 amazon-ecr-credential-helper 2023-09-07 ALAS2023-2023-337 Fixed
Amazon Linux 1 amazon-ssm-agent 2023-09-07 ALAS-2023-1825 Fixed
Amazon Linux 1 amazon-ssm-agent 2023-10-24 ALAS-2023-1866 Fixed
Amazon Linux 2 - Core amazon-ssm-agent 2023-09-05 ALAS2-2023-2238 Fixed
Amazon Linux 2 - Core amazon-ssm-agent 2023-10-19 ALAS2-2023-2303 Fixed
Amazon Linux 2023 amazon-ssm-agent 2023-09-07 ALAS2023-2023-339 Fixed
Amazon Linux 2023 amazon-ssm-agent 2023-10-24 ALAS2023-2023-388 Fixed
Amazon Linux 2 - Core cni-plugins 2023-08-07 ALAS2-2023-2192 Fixed
Amazon Linux 2023 cni-plugins 2023-09-07 ALAS2023-2023-338 Fixed
Amazon Linux 1 containerd 2023-10-03 ALAS-2023-1849 Fixed
Amazon Linux 2 - Ecs Extra containerd Fixed
Amazon Linux 2 - Docker Extra containerd 2023-08-21 ALAS2DOCKER-2023-029 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd 2023-08-07 ALAS2NITRO-ENCLAVES-2023-026 Fixed
Amazon Linux 2 - Core cri-tools 2023-08-07 ALAS2-2023-2194 Fixed
Amazon Linux 1 docker 2023-11-03 ALAS-2023-1881 Fixed
Amazon Linux 2 - Docker Extra docker 2023-10-19 ALAS2DOCKER-2023-031 Fixed
Amazon Linux 2 - Ecs Extra docker 2023-10-17 ALAS2ECS-2023-019 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra docker 2023-10-17 ALAS2NITRO-ENCLAVES-2023-030 Fixed
Amazon Linux 2023 docker 2023-07-19 ALAS2023-2023-260 Fixed
Amazon Linux 2023 ecs-init 2024-05-13 ALAS2023-2024-620 Fixed
Amazon Linux 1 golang 2023-04-20 ALAS-2023-1731 Fixed
Amazon Linux 2 - Core golang 2023-04-20 ALAS2-2023-2015 Fixed
Amazon Linux 2 - Golang1.19 Extra golang 2023-09-25 ALAS2GOLANG1.19-2023-002 Fixed
Amazon Linux 2023 golang 2023-03-22 ALAS2023-2023-142 Fixed
Amazon Linux 2 - Core nerdctl 2023-08-07 ALAS2-2023-2193 Fixed
Amazon Linux 2023 nerdctl 2023-08-25 ALAS2023-2023-313 Fixed
Amazon Linux 2 - Core rclone 2023-07-19 ALAS2-2023-2143 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2022-41723 Mitre: CVE-2022-41723