Skip to content

Commit 788d6f5

Browse files
tatianabgopherbot
tatianab
authored and
gopherbot
committed
data/reports: add GO-2024-2963
 - data/reports/GO-2024-2963.yaml Updates #2963 Change-Id: I72ed11473174bb6f1ad76f3166e77fd7a8b722e8 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/596178 LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]>
1 parent 455ee1e commit 788d6f5

File tree

3 files changed

+253
-0
lines changed

3 files changed

+253
-0
lines changed

data/cve/v5/GO-2024-2963.json

Lines changed: 118 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,118 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.0",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-24791"
6+
},
7+
"containers": {
8+
"cna": {
9+
"providerMetadata": {
10+
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc"
11+
},
12+
"title": "Denial of service due to improper 100-continue handling in net/http",
13+
"descriptions": [
14+
{
15+
"lang": "en",
16+
"value": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail."
17+
}
18+
],
19+
"affected": [
20+
{
21+
"vendor": "Go standard library",
22+
"product": "net/http",
23+
"collectionURL": "https://pkg.go.dev",
24+
"packageName": "net/http",
25+
"versions": [
26+
{
27+
"version": "0",
28+
"lessThan": "1.21.12",
29+
"status": "affected",
30+
"versionType": "semver"
31+
},
32+
{
33+
"version": "1.22.0-0",
34+
"lessThan": "1.22.5",
35+
"status": "affected",
36+
"versionType": "semver"
37+
}
38+
],
39+
"programRoutines": [
40+
{
41+
"name": "persistConn.readResponse"
42+
},
43+
{
44+
"name": "Client.CloseIdleConnections"
45+
},
46+
{
47+
"name": "Client.Do"
48+
},
49+
{
50+
"name": "Client.Get"
51+
},
52+
{
53+
"name": "Client.Head"
54+
},
55+
{
56+
"name": "Client.Post"
57+
},
58+
{
59+
"name": "Client.PostForm"
60+
},
61+
{
62+
"name": "Get"
63+
},
64+
{
65+
"name": "Head"
66+
},
67+
{
68+
"name": "Post"
69+
},
70+
{
71+
"name": "PostForm"
72+
},
73+
{
74+
"name": "Transport.CancelRequest"
75+
},
76+
{
77+
"name": "Transport.CloseIdleConnections"
78+
},
79+
{
80+
"name": "Transport.RoundTrip"
81+
}
82+
],
83+
"defaultStatus": "unaffected"
84+
}
85+
],
86+
"problemTypes": [
87+
{
88+
"descriptions": [
89+
{
90+
"lang": "en",
91+
"description": "CWE 400: Uncontrolled Resource Consumption"
92+
}
93+
]
94+
}
95+
],
96+
"references": [
97+
{
98+
"url": "https://go.dev/cl/591255"
99+
},
100+
{
101+
"url": "https://go.dev/issue/67555"
102+
},
103+
{
104+
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
105+
},
106+
{
107+
"url": "https://pkg.go.dev/vuln/GO-2024-2963"
108+
}
109+
],
110+
"credits": [
111+
{
112+
"lang": "en",
113+
"value": "Geoff Franks"
114+
}
115+
]
116+
}
117+
}
118+
}

data/osv/GO-2024-2963.json

Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,84 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2024-2963",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2024-24791"
8+
],
9+
"summary": "Denial of service due to improper 100-continue handling in net/http",
10+
"details": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.\n\nAn attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.",
11+
"affected": [
12+
{
13+
"package": {
14+
"name": "stdlib",
15+
"ecosystem": "Go"
16+
},
17+
"ranges": [
18+
{
19+
"type": "SEMVER",
20+
"events": [
21+
{
22+
"introduced": "0"
23+
},
24+
{
25+
"fixed": "1.21.12"
26+
},
27+
{
28+
"introduced": "1.22.0-0"
29+
},
30+
{
31+
"fixed": "1.22.5"
32+
}
33+
]
34+
}
35+
],
36+
"ecosystem_specific": {
37+
"imports": [
38+
{
39+
"path": "net/http",
40+
"symbols": [
41+
"Client.CloseIdleConnections",
42+
"Client.Do",
43+
"Client.Get",
44+
"Client.Head",
45+
"Client.Post",
46+
"Client.PostForm",
47+
"Get",
48+
"Head",
49+
"Post",
50+
"PostForm",
51+
"Transport.CancelRequest",
52+
"Transport.CloseIdleConnections",
53+
"Transport.RoundTrip",
54+
"persistConn.readResponse"
55+
]
56+
}
57+
]
58+
}
59+
}
60+
],
61+
"references": [
62+
{
63+
"type": "FIX",
64+
"url": "https://go.dev/cl/591255"
65+
},
66+
{
67+
"type": "REPORT",
68+
"url": "https://go.dev/issue/67555"
69+
},
70+
{
71+
"type": "WEB",
72+
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
73+
}
74+
],
75+
"credits": [
76+
{
77+
"name": "Geoff Franks"
78+
}
79+
],
80+
"database_specific": {
81+
"url": "https://pkg.go.dev/vuln/GO-2024-2963",
82+
"review_status": "REVIEWED"
83+
}
84+
}

data/reports/GO-2024-2963.yaml

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
id: GO-2024-2963
2+
modules:
3+
- module: std
4+
versions:
5+
- fixed: 1.21.12
6+
- introduced: 1.22.0-0
7+
- fixed: 1.22.5
8+
vulnerable_at: 1.22.4
9+
packages:
10+
- package: net/http
11+
symbols:
12+
- persistConn.readResponse
13+
derived_symbols:
14+
- Client.CloseIdleConnections
15+
- Client.Do
16+
- Client.Get
17+
- Client.Head
18+
- Client.Post
19+
- Client.PostForm
20+
- Get
21+
- Head
22+
- Post
23+
- PostForm
24+
- Transport.CancelRequest
25+
- Transport.CloseIdleConnections
26+
- Transport.RoundTrip
27+
summary: Denial of service due to improper 100-continue handling in net/http
28+
description: |-
29+
The net/http HTTP/1.1 client mishandled the case where a server responds to a
30+
request with an "Expect: 100-continue" header with a non-informational (200 or
31+
higher) status. This mishandling could leave a client connection in an invalid
32+
state, where the next request sent on the connection will fail.
33+
34+
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can
35+
exploit this mishandling to cause a denial of service by sending "Expect:
36+
100-continue" requests which elicit a non-informational response from the
37+
backend. Each such request leaves the proxy with an invalid connection, and
38+
causes one subsequent request using that connection to fail.
39+
credits:
40+
- Geoff Franks
41+
references:
42+
- fix: https://go.dev/cl/591255
43+
- report: https://go.dev/issue/67555
44+
- web: https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ
45+
cve_metadata:
46+
id: CVE-2024-24791
47+
cwe: 'CWE 400: Uncontrolled Resource Consumption'
48+
source:
49+
id: go-security-team
50+
created: 2024-07-02T15:43:26.900923-04:00
51+
review_status: REVIEWED

0 commit comments

Comments
 (0)