An attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests. Reference: https://github.com/golang/go/issues/50058
Created golang tracking bugs for this issue: Affects: epel-all [bug 2030802] Affects: fedora-all [bug 2030804] Affects: openstack-rdo [bug 2030803]
upstream commits: HTTP2: https://go-review.googlesource.com/c/net/+/369794/ 1.16: https://go-review.googlesource.com/c/go/+/370575/ 1.17: https://go-review.googlesource.com/c/go/+/370574/
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:5160 https://access.redhat.com/errata/RHSA-2021:5160
This issue has been addressed in the following products: Red Hat Developer Tools Via RHSA-2021:5176 https://access.redhat.com/errata/RHSA-2021:5176
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0002 https://access.redhat.com/errata/RHSA-2022:0002
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0001 https://access.redhat.com/errata/RHSA-2022:0001
This issue has been addressed in the following products: Cryostat 2 on RHEL 8 Via RHSA-2022:0163 https://access.redhat.com/errata/RHSA-2022:0163
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:0237 https://access.redhat.com/errata/RHSA-2022:0237
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2022:0260 https://access.redhat.com/errata/RHSA-2022:0260
This issue has been addressed in the following products: Service Telemetry Framework 1.4 for RHEL 8 Via RHSA-2022:0585 https://access.redhat.com/errata/RHSA-2022:0585
This issue has been addressed in the following products: Service Telemetry Framework 1.3 for RHEL 8 Via RHSA-2022:0587 https://access.redhat.com/errata/RHSA-2022:0587
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:0055 https://access.redhat.com/errata/RHSA-2022:0055
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:0056 https://access.redhat.com/errata/RHSA-2022:0056
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:0842 https://access.redhat.com/errata/RHSA-2022:0842
This issue has been addressed in the following products: OSE-OSC-1.2.0-RHEL-8 Via RHSA-2022:0855 https://access.redhat.com/errata/RHSA-2022:0855
This issue has been addressed in the following products: RHEL-8-CNV-4.10 Via RHSA-2022:0947 https://access.redhat.com/errata/RHSA-2022:0947
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:0927 https://access.redhat.com/errata/RHSA-2022:0927
This issue has been addressed in the following products: Openshift Serveless 1.21 Via RHSA-2022:1051 https://access.redhat.com/errata/RHSA-2022:1051
This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2022:1056 https://access.redhat.com/errata/RHSA-2022:1056
This issue has been addressed in the following products: RHODF-4.10-RHEL-8 Via RHSA-2022:1361 https://access.redhat.com/errata/RHSA-2022:1361
This issue has been addressed in the following products: RHODF-4.10-RHEL-8 Via RHSA-2022:1372 https://access.redhat.com/errata/RHSA-2022:1372
This issue has been addressed in the following products: Red Hat Gluster Storage 3.5 for RHEL 7 Via RHSA-2022:1628 https://access.redhat.com/errata/RHSA-2022:1628
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2022:1734 https://access.redhat.com/errata/RHSA-2022:1734
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-44716
This issue has been addressed in the following products: RHEL-8-CNV-4.11 Via RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526
This issue has been addressed in the following products: RHEL-8-CNV-4.12 RHEL-7-CNV-4.12 Via RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407
This issue has been addressed in the following products: RHEL-8-CNV-4.12 Via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days