High severityNVD Advisory· Published Jan 1, 2022· Updated Aug 4, 2024
CVE-2021-44716
CVE-2021-44716
Description
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
golang.org/x/net/http2Go | < 0.0.0-20211209124913-491a49abca63 | 0.0.0-20211209124913-491a49abca63 |
Affected products
115- Go/net/httpdescription
- osv-coords114 versionspkg:bitnami/golangpkg:golang/golang.org/x/net/http2pkg:rpm/almalinux/delvepkg:rpm/almalinux/golangpkg:rpm/almalinux/golang-binpkg:rpm/almalinux/golang-docspkg:rpm/almalinux/golang-miscpkg:rpm/almalinux/golang-racepkg:rpm/almalinux/golang-srcpkg:rpm/almalinux/golang-testspkg:rpm/almalinux/go-toolsetpkg:rpm/almalinux/grafanapkg:rpm/opensuse/apptainer&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.16&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.17&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ardana-ansible&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-cobbler&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-cobbler&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/go1.16&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/grafana&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-templates&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-murano&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-murano&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-murano&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-murano-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-murano-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-murano-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-lxml&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-lxml&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-XStatic-jquery-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-XStatic-jquery-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rabbitmq-server&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/rabbitmq-server&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/rabbitmq-server&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-sinatra&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209
< 1.16.12+ 113 more
- (no CPE)range: < 1.16.12
- (no CPE)range: < 0.0.0-20211209124913-491a49abca63
- (no CPE)range: < 1.6.0-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 1.16.12-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 1.16.12-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 1.16.12-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 1.16.12-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 1.16.12-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 1.16.12-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 1.16.12-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 1.16.12-1.module_el8.5.0+2604+960c7771
- (no CPE)range: < 7.5.9-5.el8_5
- (no CPE)range: < 1.1.2-lp154.2.1
- (no CPE)range: < 1.16.12-lp152.20.1
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.1
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.1
- (no CPE)range: < 8.0+git.1660773729.3789a6d-3.85.1
- (no CPE)range: < 8.0+git.1660773729.3789a6d-3.85.1
- (no CPE)range: < 9.0+git.1644879908.8a641c1-3.13.1
- (no CPE)range: < 8.0+git.1660773402.d845a45-3.47.1
- (no CPE)range: < 8.0+git.1660773402.d845a45-3.47.1
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.16.12-1.37.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 1.17.5-1.14.2
- (no CPE)range: < 6.7.4-4.23.1
- (no CPE)range: < 6.7.4-4.23.1
- (no CPE)range: < 6.7.4-3.26.1
- (no CPE)range: < 6.7.4-4.23.1
- (no CPE)range: < 6.7.4-3.26.1
- (no CPE)range: < 7.0.1~dev24-3.14.1
- (no CPE)range: < 7.0.1~dev24-3.14.1
- (no CPE)range: < 13.0.10~dev24-3.34.2
- (no CPE)range: < 13.0.10~dev24-3.34.2
- (no CPE)range: < 14.0.1~dev4-3.9.1
- (no CPE)range: < 14.0.1~dev4-3.9.1
- (no CPE)range: < 0.0.0+git.1654529662.75fa04a-3.27.1
- (no CPE)range: < 0.0.0+git.1654529662.75fa04a-3.27.1
- (no CPE)range: < 0.0.0+git.1654529662.75fa04a-3.27.1
- (no CPE)range: < 14.0.1~dev3-3.9.1
- (no CPE)range: < 14.0.1~dev3-3.9.1
- (no CPE)range: < 11.1.5~dev18-3.28.2
- (no CPE)range: < 11.1.5~dev18-3.28.2
- (no CPE)range: < 14.2.1~dev9-3.28.2
- (no CPE)range: < 14.2.1~dev9-3.28.2
- (no CPE)range: < 4.0.2~dev3-3.12.1
- (no CPE)range: < 4.0.2~dev3-3.12.1
- (no CPE)range: < 4.0.2~dev3-3.12.1
- (no CPE)range: < 4.0.2~dev3-3.12.1
- (no CPE)range: < 4.0.2~dev3-3.12.1
- (no CPE)range: < 4.0.2~dev3-3.12.1
- (no CPE)range: < 13.0.8~dev206-3.40.1
- (no CPE)range: < 13.0.8~dev206-3.40.1
- (no CPE)range: < 14.0.1~dev33-3.31.1
- (no CPE)range: < 14.0.1~dev33-3.31.1
- (no CPE)range: < 1.11.29-3.42.1
- (no CPE)range: < 1.11.29-3.42.1
- (no CPE)range: < 1.11.29-3.42.1
- (no CPE)range: < 4.2.4-3.3.1
- (no CPE)range: < 4.2.4-3.3.1
- (no CPE)range: < 5.2.0-3.17.1
- (no CPE)range: < 5.2.0-3.17.1
- (no CPE)range: < 1.13.0.1-4.3.1
- (no CPE)range: < 1.13.0.1-4.3.1
- (no CPE)range: < 3.6.16-3.13.1
- (no CPE)range: < 3.6.16-3.13.1
- (no CPE)range: < 3.6.16-3.13.1
- (no CPE)range: < 9.20220413-3.30.1
- (no CPE)range: < 9.20220413-3.30.1
- (no CPE)range: < 2.16.0-3.18.1
- (no CPE)range: < 1.4.6-4.3.1
- (no CPE)range: < 7.0.1~dev24-3.35.2
- (no CPE)range: < 13.0.10~dev24-3.38.1
- (no CPE)range: < 7.0.2~dev2-3.35.1
- (no CPE)range: < 17.0.1~dev30-3.33.1
- (no CPE)range: < 9.0.8~dev22-12.45.1
- (no CPE)range: < 9.0.8~dev22-12.45.1
- (no CPE)range: < 11.0.4~dev4-3.35.1
- (no CPE)range: < 12.0.5~dev6-14.48.1
- (no CPE)range: < 14.1.1~dev11-4.39.1
- (no CPE)range: < 12.0.5~dev6-14.48.1
- (no CPE)range: < 11.1.5~dev18-4.33.1
- (no CPE)range: < 14.2.1~dev9-3.36.1
- (no CPE)range: < 7.2.1~dev1-4.35.1
- (no CPE)range: < 7.4.2~dev60-3.41.1
- (no CPE)range: < 1.8.2~dev3-3.35.1
- (no CPE)range: < 2.7.1~dev10-3.37.1
- (no CPE)range: < 4.0.2~dev3-12.38.1
- (no CPE)range: < 4.0.2~dev3-12.38.1
- (no CPE)range: < 13.0.8~dev206-6.39.1
- (no CPE)range: < 18.3.1~dev91-3.39.1
- (no CPE)range: < 3.2.3~dev7-4.35.1
- (no CPE)range: < 9.0.2~dev15-3.35.1
- (no CPE)range: < 2.19.2~dev48-2.30.1
Patches
Vulnerability mechanics
References
13- github.com/advisories/GHSA-vc3p-29h2-gpcpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-44716ghsaADVISORY
- security.gentoo.org/glsa/202208-02ghsavendor-advisoryWEB
- go.dev/cl/369794ghsaWEB
- go.dev/issue/50058ghsaWEB
- groups.google.com/g/golang-announce/c/hcmEScgc00kghsaWEB
- lists.debian.org/debian-lts-announce/2022/01/msg00016.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2022/01/msg00017.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2023/04/msg00021.htmlmitremailing-list
- pkg.go.dev/vuln/GO-2022-0288ghsaWEB
- security.netapp.com/advisory/ntap-20220121-0002ghsaWEB
- cert-portal.siemens.com/productcert/pdf/ssa-744259.pdfmitre
- security.netapp.com/advisory/ntap-20220121-0002/mitre
News mentions
0No linked articles in our index yet.