Vulnerability details: VCID-js6n-23yb-aaag
Vulnerability ID VCID-js6n-23yb-aaag
Aliases CVE-2023-45288
GHSA-4v7x-pqxf-cx7m
Summary An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:1897
ssvc Track https://access.redhat.com/errata/RHSA-2024:1897
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:2562
ssvc Track https://access.redhat.com/errata/RHSA-2024:2562
cvssv3.1 8.6 https://access.redhat.com/errata/RHSA-2024:2672
ssvc Track* https://access.redhat.com/errata/RHSA-2024:2672
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:2729
ssvc Track https://access.redhat.com/errata/RHSA-2024:2729
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:3352
ssvc Track https://access.redhat.com/errata/RHSA-2024:3352
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:3467
ssvc Track https://access.redhat.com/errata/RHSA-2024:3467
cvssv3 7.5 https://access.redhat.com/errata/RHSA-2024:6811
ssvc Track https://access.redhat.com/errata/RHSA-2024:6811
cvssv3.1 8.3 https://access.redhat.com/errata/RHSA-2024:7164
ssvc Track https://access.redhat.com/errata/RHSA-2024:7164
cvssv3.1 8.3 https://access.redhat.com/errata/RHSA-2024:8425
ssvc Track https://access.redhat.com/errata/RHSA-2024:8425
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45288.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.59177 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.6116 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.64852 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.66635 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.71055 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.72312 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.72408 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.76904 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.80528 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
epss 0.82674 https://api.first.org/data/v1/epss?cve=CVE-2023-45288
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://go.dev/cl/576155
generic_textual MODERATE https://go.dev/cl/576155
cvssv3.1 5.3 https://go.dev/issue/65051
generic_textual MODERATE https://go.dev/issue/65051
cvssv3.1 5.3 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
generic_textual MODERATE https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
cvssv3.1 2.7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
generic_textual LOW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
cvssv3.1 5.3 https://nowotarski.info/http2-continuation-flood-technical-details
generic_textual MODERATE https://nowotarski.info/http2-continuation-flood-technical-details
cvssv3.1 5.3 https://pkg.go.dev/vuln/GO-2024-2687
generic_textual MODERATE https://pkg.go.dev/vuln/GO-2024-2687
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20240419-0009
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240419-0009
cvssv3.1 8.2 http://www.openwall.com/lists/oss-security/2024/04/03/16
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/04/03/16
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2024/04/05/4
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/04/05/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45288.json
https://api.first.org/data/v1/epss?cve=CVE-2023-45288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268273
CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288
GLSA-202408-07 https://security.gentoo.org/glsa/202408-07
RHSA-2024:1616 https://access.redhat.com/errata/RHSA-2024:1616
RHSA-2024:1668 https://access.redhat.com/errata/RHSA-2024:1668
RHSA-2024:1679 https://access.redhat.com/errata/RHSA-2024:1679
RHSA-2024:1681 https://access.redhat.com/errata/RHSA-2024:1681
RHSA-2024:1683 https://access.redhat.com/errata/RHSA-2024:1683
RHSA-2024:1892 https://access.redhat.com/errata/RHSA-2024:1892
RHSA-2024:1897 https://access.redhat.com/errata/RHSA-2024:1897
RHSA-2024:1899 https://access.redhat.com/errata/RHSA-2024:1899
RHSA-2024:1962 https://access.redhat.com/errata/RHSA-2024:1962
RHSA-2024:1963 https://access.redhat.com/errata/RHSA-2024:1963
RHSA-2024:2060 https://access.redhat.com/errata/RHSA-2024:2060
RHSA-2024:2062 https://access.redhat.com/errata/RHSA-2024:2062
RHSA-2024:2068 https://access.redhat.com/errata/RHSA-2024:2068
RHSA-2024:2079 https://access.redhat.com/errata/RHSA-2024:2079
RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562
RHSA-2024:2625 https://access.redhat.com/errata/RHSA-2024:2625
RHSA-2024:2664 https://access.redhat.com/errata/RHSA-2024:2664
RHSA-2024:2667 https://access.redhat.com/errata/RHSA-2024:2667
RHSA-2024:2668 https://access.redhat.com/errata/RHSA-2024:2668
RHSA-2024:2671 https://access.redhat.com/errata/RHSA-2024:2671
RHSA-2024:2672 https://access.redhat.com/errata/RHSA-2024:2672
RHSA-2024:2699 https://access.redhat.com/errata/RHSA-2024:2699
RHSA-2024:2724 https://access.redhat.com/errata/RHSA-2024:2724
RHSA-2024:2728 https://access.redhat.com/errata/RHSA-2024:2728
RHSA-2024:2729 https://access.redhat.com/errata/RHSA-2024:2729
RHSA-2024:2773 https://access.redhat.com/errata/RHSA-2024:2773
RHSA-2024:2865 https://access.redhat.com/errata/RHSA-2024:2865
RHSA-2024:2875 https://access.redhat.com/errata/RHSA-2024:2875
RHSA-2024:2892 https://access.redhat.com/errata/RHSA-2024:2892
RHSA-2024:2901 https://access.redhat.com/errata/RHSA-2024:2901
RHSA-2024:2929 https://access.redhat.com/errata/RHSA-2024:2929
RHSA-2024:2930 https://access.redhat.com/errata/RHSA-2024:2930
RHSA-2024:2932 https://access.redhat.com/errata/RHSA-2024:2932
RHSA-2024:2933 https://access.redhat.com/errata/RHSA-2024:2933
RHSA-2024:2935 https://access.redhat.com/errata/RHSA-2024:2935
RHSA-2024:2936 https://access.redhat.com/errata/RHSA-2024:2936
RHSA-2024:2941 https://access.redhat.com/errata/RHSA-2024:2941
RHSA-2024:3259 https://access.redhat.com/errata/RHSA-2024:3259
RHSA-2024:3314 https://access.redhat.com/errata/RHSA-2024:3314
RHSA-2024:3315 https://access.redhat.com/errata/RHSA-2024:3315
RHSA-2024:3316 https://access.redhat.com/errata/RHSA-2024:3316
RHSA-2024:3327 https://access.redhat.com/errata/RHSA-2024:3327
RHSA-2024:3331 https://access.redhat.com/errata/RHSA-2024:3331
RHSA-2024:3346 https://access.redhat.com/errata/RHSA-2024:3346
RHSA-2024:3352 https://access.redhat.com/errata/RHSA-2024:3352
RHSA-2024:3467 https://access.redhat.com/errata/RHSA-2024:3467
RHSA-2024:3479 https://access.redhat.com/errata/RHSA-2024:3479
RHSA-2024:3523 https://access.redhat.com/errata/RHSA-2024:3523
RHSA-2024:3621 https://access.redhat.com/errata/RHSA-2024:3621
RHSA-2024:3637 https://access.redhat.com/errata/RHSA-2024:3637
RHSA-2024:3680 https://access.redhat.com/errata/RHSA-2024:3680
RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781
RHSA-2024:3885 https://access.redhat.com/errata/RHSA-2024:3885
RHSA-2024:4006 https://access.redhat.com/errata/RHSA-2024:4006
RHSA-2024:4010 https://access.redhat.com/errata/RHSA-2024:4010
RHSA-2024:4023 https://access.redhat.com/errata/RHSA-2024:4023
RHSA-2024:4034 https://access.redhat.com/errata/RHSA-2024:4034
RHSA-2024:4041 https://access.redhat.com/errata/RHSA-2024:4041
RHSA-2024:4125 https://access.redhat.com/errata/RHSA-2024:4125
RHSA-2024:4464 https://access.redhat.com/errata/RHSA-2024:4464
RHSA-2024:4543 https://access.redhat.com/errata/RHSA-2024:4543
RHSA-2024:4545 https://access.redhat.com/errata/RHSA-2024:4545
RHSA-2024:4546 https://access.redhat.com/errata/RHSA-2024:4546
RHSA-2024:4631 https://access.redhat.com/errata/RHSA-2024:4631
RHSA-2024:4677 https://access.redhat.com/errata/RHSA-2024:4677
RHSA-2024:4922 https://access.redhat.com/errata/RHSA-2024:4922
RHSA-2024:4933 https://access.redhat.com/errata/RHSA-2024:4933
RHSA-2024:4934 https://access.redhat.com/errata/RHSA-2024:4934
RHSA-2024:4982 https://access.redhat.com/errata/RHSA-2024:4982
RHSA-2024:5013 https://access.redhat.com/errata/RHSA-2024:5013
RHSA-2024:6004 https://access.redhat.com/errata/RHSA-2024:6004
RHSA-2024:6221 https://access.redhat.com/errata/RHSA-2024:6221
RHSA-2024:6642 https://access.redhat.com/errata/RHSA-2024:6642
RHSA-2024:6811 https://access.redhat.com/errata/RHSA-2024:6811
RHSA-2024:7164 https://access.redhat.com/errata/RHSA-2024:7164
RHSA-2024:8235 https://access.redhat.com/errata/RHSA-2024:8235
RHSA-2024:8425 https://access.redhat.com/errata/RHSA-2024:8425
RHSA-2024:8688 https://access.redhat.com/errata/RHSA-2024:8688
RHSA-2024:8692 https://access.redhat.com/errata/RHSA-2024:8692
RHSA-2025:0536 https://access.redhat.com/errata/RHSA-2025:0536
RHSA-2025:0832 https://access.redhat.com/errata/RHSA-2025:0832
RHSA-2025:4240 https://access.redhat.com/errata/RHSA-2025:4240
RHSA-2025:7753 https://access.redhat.com/errata/RHSA-2025:7753
RHSA-2025:8274 https://access.redhat.com/errata/RHSA-2025:8274
USN-6886-1 https://usn.ubuntu.com/6886-1/
USN-7109-1 https://usn.ubuntu.com/7109-1/
USN-7111-1 https://usn.ubuntu.com/7111-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1897
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:1897
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:2562
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:2562
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:2672
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/ Found at https://access.redhat.com/errata/RHSA-2024:2672
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:2729
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:2729
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:3352
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:3352
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:3467
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-08T14:53:26Z/ Found at https://access.redhat.com/errata/RHSA-2024:3467
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:6811
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:16:55Z/ Found at https://access.redhat.com/errata/RHSA-2024:6811
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:7164
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/ Found at https://access.redhat.com/errata/RHSA-2024:7164
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:8425
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/ Found at https://access.redhat.com/errata/RHSA-2024:8425
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45288.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://go.dev/cl/576155
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://go.dev/issue/65051
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nowotarski.info/http2-continuation-flood-technical-details
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://pkg.go.dev/vuln/GO-2024-2687
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20240419-0009
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/04/03/16
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://www.openwall.com/lists/oss-security/2024/04/05/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.14292
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:17:32.684408+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-45288 34.0.0rc4