PT-2023-9031 · Golang+11 · Golang+11

Bartek Nowotarski

Publicado

2023-07-11

Atualizado

2026-02-18

CVE-2023-29406

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Golang (affected versions not specified)

Description The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. The issue allows a remote attacker to execute arbitrary code by exploiting the vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-436

Identificadores relacionados

ALSA-2023:6346

ALSA-2023:6363

ALSA-2023:6402

ALSA-2023:6473

ALSA-2023:6474

ALSA-2023:6938

ALSA-2023:6939

ALSA-2023:7202

ALT-PU-2023-4358

ALT-PU-2023-4359

ALT-PU-2023-4360

ALT-PU-2023-4736

ALT-PU-2023-4785

ALT-PU-2023-5492

ALT-PU-2023-7055

AZL-27410

AZL-28831

AZL-37418

AZL-37420

AZL-52711

AZL-79070

BDU:2024-03155

BIT-GOLANG-2023-29406

CESA-2023_5721

CESA-2023_6938

CESA-2023_6939

CESA-2023_7202

CVE-2023-29406

GO-2023-1878

INFBA-2024_3053

OESA-2023-1498

OESA-2023-1499

OESA-2023-1500

OESA-2023-1501

OESA-2023-1502

OESA-2024-1581

OESA-2024-1582

OESA-2024-1584

OESA-2024-1643

OESA-2025-1185

OPENSUSE-SU-2023_3002-1

OPENSUSE-SU-2023_3841-1

OPENSUSE-SU-2024:13046-1

OPENSUSE-SU-2024:13074-1

OPENSUSE-SU-2024_3656-1

RHSA-2023:5721

RHSA-2023:5738

RHSA-2023:5965

RHSA-2023:6298

RHSA-2023:6346

RHSA-2023:6363

RHSA-2023:6402

RHSA-2023:6473

RHSA-2023:6474

RHSA-2023:6818

RHSA-2023:6840

RHSA-2023:6938

RHSA-2023:6939

RHSA-2023:7202

RHSA-2023_5721

RHSA-2023_5738

RHSA-2023_6346

RHSA-2023_6363

RHSA-2023_6402

RHSA-2023_6473

RHSA-2023_6474

RHSA-2023_6938

RHSA-2023_6939

RHSA-2023_7202

RHSA-2024:0293

RLSA-2023:6818

RLSA-2023:7202

SUSE-SU-2023:2845-1

SUSE-SU-2023:2846-1

SUSE-SU-2023:3002-1

SUSE-SU-2023:3841-1

SUSE-SU-2023_2845-1

SUSE-SU-2023_2846-1

SUSE-SU-2023_3002-1

SUSE-SU-2023_3841-1

SUSE-SU-2024:3656-1

USN-7061-1

USN-7109-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Golang

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2023-9031 · Golang+11 · Golang+11

CVE-2023-29406

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 212