VulnerableCode Package Details - pkg:rpm/redhat/node-feature-discovery-container@4.13.0-202307131743.p0.g79c2147.assembly?arch=stream

Search for packages

Package details: pkg:rpm/redhat/node-feature-discovery-container@4.13.0-202307131743.p0.g79c2147.assembly?arch=stream

Essentials
History (0)

purl	pkg:rpm/redhat/node-feature-discovery-container@4.13.0-202307131743.p0.g79c2147.assembly?arch=stream

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-jbdq-mdbt-aaap Aliases: CVE-2022-41717 GHSA-xrjj-mj9h-534m	An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.	There are no reported fixed by versions.
VCID-s48v-93da-aaaf Aliases: CVE-2022-41723 GHSA-vvpx-j8f3-3w6h	A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version