PT-2022-20472 · Minio+1
Harshavardhana · Published 2022-06-03 · Updated 2024-12-26 · CVE-2022-31028
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
MinIO versions RELEASE.2019-09-25T18-25-51Z through RELEASE.2022-06-02T02-11-04Z
Description
The issue is an unending goroutine buildup: when HTTP clients do not close their connections, the connections stay established and the goroutines keep accumulating. Public-facing MinIO deployments are most affected.
Recommendations
For versions RELEASE.2019-09-25T18-25-51Z through RELEASE.2022-06-02T02-11-04Z, upgrade to RELEASE.2022-06-02T02-11-04Z or later to receive a patch.
As a temporary workaround, consider using a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from malicious clients.
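One way to apply the reverse-proxy workaround, shown here as an added nginx example that is not part of the original advisory or the MinIO project. The backend address `127.0.0.1:9000`, the host name `minio.example.internal`, the zone names and every limit and timeout value are assumptions to tune for the deployment; TLS is omitted for brevity.

```nginx
# Constructed example: every value, name and address below is an assumption.
worker_processes auto;

events {
    # Hard ceiling on simultaneous connections per worker, idle ones included.
    worker_connections 1024;
}

http {
    # Count connections with a request in progress, per client and per server.
    limit_conn_zone $binary_remote_addr zone=per_client:10m;
    limit_conn_zone $server_name        zone=per_server:10m;
    limit_conn_status 429;

    # Assumed MinIO backend; nginx reuses a small pool of upstream connections,
    # so MinIO sees far fewer sockets than the proxy accepts.
    upstream minio_backend {
        server 127.0.0.1:9000;
        keepalive 32;
    }

    server {
        listen 80;
        server_name minio.example.internal;
        client_max_body_size 0;          # do not cap object upload size

        # Reject requests over the cap instead of queueing them.
        limit_conn per_client 20;
        limit_conn per_server 500;

        # Close connections that stay open without making progress.
        # limit_conn does not count sockets that never send a request;
        # client_header_timeout and keepalive_timeout cover those.
        client_header_timeout 10s;
        client_body_timeout   30s;
        send_timeout          30s;
        keepalive_timeout     15s;
        keepalive_requests    100;

        location / {
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $http_host;
            proxy_connect_timeout 5s;
            proxy_pass http://minio_backend;
        }
    }
}
```

Validate the file with `nginx -t` before reloading, and make sure MinIO itself is reachable only through the proxy so the limits cannot be bypassed.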
Resource Exhaustion
Affected Products
Alt Linux
Minio