Bug 2224245 (CVE-2023-37788) - CVE-2023-37788 goproxy: Denial of service (DoS) via unspecified vectors.
Summary: CVE-2023-37788 goproxy: Denial of service (DoS) via unspecified vectors.
Keywords:
Status: NEW
Alias: CVE-2023-37788
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2224316 2225359 2224298 2224299 2224300 2224301 2224302 2224303 2224304 2224305 2224306 2224307 2224308 2224314 2224315 2224322
Blocks: 2220974
TreeView+ depends on / blocked
 
Reported: 2023-07-20 09:05 UTC by Vipul Nair
Modified: 2024-03-18 17:58 UTC (History)
63 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk "*".
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github elazarl goproxy pull 507 0 None Merged Added control for the nil request 2023-10-18 16:14:29 UTC
Red Hat Product Errata RHSA-2023:5006 0 None None None 2023-10-31 12:54:57 UTC
Red Hat Product Errata RHSA-2023:5007 0 None None None 2023-10-31 13:45:31 UTC
Red Hat Product Errata RHSA-2023:5009 0 None None None 2023-10-31 14:02:11 UTC
Red Hat Product Errata RHSA-2023:5407 0 None None None 2023-09-29 14:13:25 UTC
Red Hat Product Errata RHSA-2023:6832 0 None None None 2023-11-08 18:49:43 UTC
Red Hat Product Errata RHSA-2023:7198 0 None None None 2024-02-27 20:49:31 UTC

Description Vipul Nair 2023-07-20 09:05:23 UTC 
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.

https://github.com/elazarl/goproxy/issues/502
https://github.com/elazarl/goproxy
Comment 16 Avinash Hanwate 2023-07-25 04:43:22 UTC 
Created origin tracking bugs for this issue:

Affects: fedora-all [bug 2225359]
Comment 19 errata-xmlrpc 2023-09-29 14:13:21 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.10

Via RHSA-2023:5407 https://access.redhat.com/errata/RHSA-2023:5407
Comment 20 Jon Schlueter 2023-10-18 16:14:29 UTC 
From reading Issue in upstream repo it is fixed in attached pull request
Comment 22 errata-xmlrpc 2023-10-31 12:54:54 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006
Comment 23 errata-xmlrpc 2023-10-31 13:45:27 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5007 https://access.redhat.com/errata/RHSA-2023:5007
Comment 24 errata-xmlrpc 2023-10-31 14:02:07 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009
Comment 25 errata-xmlrpc 2023-11-08 18:49:39 UTC 
This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2023:6832 https://access.redhat.com/errata/RHSA-2023:6832
Comment 31 errata-xmlrpc 2024-02-27 20:49:27 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2023:7198 https://access.redhat.com/errata/RHSA-2023:7198
Note You need to log in before you can comment on or make changes to this bug.