Advisories » MGASA-2023-0109

Updated golang packages fix security vulnerability

Publication date: 24 Mar 2023
Modification date: 24 Mar 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24532

Description

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
in the HPACK decoder, sufficient to cause a denial of service from a small
number of small requests. (CVE-2022-41723)
Large handshake records may cause panics in crypto/tls. (CVE-2022-41724)
Denial of service from excessive resource consumption in net/http and
mime/multipart. (CVE-2022-41725)
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an
incorrect result if called with some specific unreduced scalars.
(CVE-2023-24532)

References

SRPMS

8/core