{
  "threat_severity" : "Moderate",
  "public_date" : "2023-01-13T00:00:00Z",
  "bugzilla" : {
    "description" : "x/net/http2/h2c: request smuggling",
    "id" : "2162182",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2162182"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-444",
  "details" : [ "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.", "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests." ],
  "statement" : "This moderate severity flaw was found in golang.org/x/net/http2/h2c when using MaxBytesHandler. If the handler does not fully read the body of an HTTP request, the server may interpret the remaining request body as HTTP/2 frames. An attacker can craft this body to include arbitrary HTTP/2 frames, enabling request smuggling. This can cause denial of service (DoS) by crashing or disrupting the server’s HTTP/2 handling.",
  "affected_release" : [ {
    "product_name" : "MTA-6.2-RHEL-9",
    "release_date" : "2023-08-14T00:00:00Z",
    "advisory" : "RHSA-2023:4627",
    "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6.2::el9",
    "package" : "mta/mta-hub-rhel9:6.2.0-16"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2023-05-17T00:00:00Z",
    "advisory" : "RHSA-2023:1326",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el8",
    "package" : "openshift4/ose-thanos-rhel8:v4.13.0-202304190216.p0.gb6f11a5.assembly.stream"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Not affected",
    "package_name" : "openshift-pipelines-client",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Serverless",
    "fix_state" : "Affected",
    "package_name" : "CLI",
    "cpe" : "cpe:/a:redhat:serverless:1"
  }, {
    "product_name" : "OpenShift Serverless",
    "fix_state" : "Affected",
    "package_name" : "knative-eventing",
    "cpe" : "cpe:/a:redhat:serverless:1"
  }, {
    "product_name" : "OpenShift Serverless",
    "fix_state" : "Affected",
    "package_name" : "knative-serving",
    "cpe" : "cpe:/a:redhat:serverless:1"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Affected",
    "package_name" : "openshift-service-mesh/istio-cni-rhel8",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "OpenShift Service Mesh 2.1",
    "fix_state" : "Will not fix",
    "package_name" : "servicemesh",
    "cpe" : "cpe:/a:redhat:service_mesh:2.1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Affected",
    "package_name" : "rhacm2/kube-rbac-proxy-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Affected",
    "package_name" : "rhacm2/thanos-rhel9",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Will not fix",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Not affected",
    "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "osbuild-composer",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "osbuild-composer",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "openshift4/ose-kube-rbac-proxy-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Affected",
    "package_name" : "devspaces/traefik-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-41721\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41721\nhttps://go.dev/cl/447396\nhttps://go.dev/issue/56352\nhttps://pkg.go.dev/vuln/GO-2023-1495" ],
  "name" : "CVE-2022-41721",
  "csaw" : false
}