Bug 2224245 (CVE-2023-37788)

Summary: CVE-2023-37788 goproxy: Denial of service (DoS) via unspecified vectors.
Product: [Other] Security Response
Reporter: Vipul Nair <vinair>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: aazores, amasferr, amctagga, aveerama, bdettelb, chazlett, dfreiber, dhughes, dsimansk, dymurray, eaguilar, ebaron, eglynn, ellin, gparvin, ibolton, jburrell, jcantril, jjoyce, jkang, jkoehler, jkurik, jmatthew, jmontleo, joelsmith, jpallich, lball, lgamliel, lhh, matzew, mburns, mfilanov, mgarciac, mkudlej, muagarwa, mwringe, nathans, nbecker, njean, nobody, owatkins, pahickey, pcpbot, periklis, pgrist, pjindal, rfreiman, rgarg, rhos-maint, rhuss, rogbas, scorneli, scox, sfroberg, shbose, skontopo, slucidi, sseago, stcannon, teagle, tjochec, tnielsen, ubhargav, vkumar
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Text:
A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker to crash the goproxy server by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk "*".
Bug Depends On: 2224299, 2224301, 2224302, 2224303, 2224304, 2224305, 2224306, 2224307, 2224308, 2224316, 2224317, 2224322, 2225359, 2224298, 2224300, 2224314, 2224315    
Bug Blocks: 2220974    

Description Vipul Nair 2023-07-20 09:05:23 UTC
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.

https://github.com/elazarl/goproxy/issues/502
https://github.com/elazarl/goproxy

Comment 16 Avinash Hanwate 2023-07-25 04:43:22 UTC
Created origin tracking bugs for this issue:

Affects: fedora-all [bug 2225359]