PT-2023-6559 · Hpack+11 · Hpack+11

Philippe Antoine

Published

2023-02-16

Updated

2026-04-07

CVE-2022-41723

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue is related to a maliciously crafted HTTP/2 stream that could cause excessive CPU consumption in the HPACK decoder, leading to a denial of service. This can be achieved with a small number of small requests. The vulnerability is associated with uncontrolled resource consumption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALSA-2023:6346

ALSA-2023:6363

ALSA-2023:6402

ALSA-2023:6473

ALSA-2023:6474

ALSA-2023:6938

ALSA-2023:6939

ALT-PU-2023-1269

ALT-PU-2023-1323

ALT-PU-2023-1515

ALT-PU-2023-1610

ALT-PU-2023-4785

ALT-PU-2025-10794

AZL-25350

AZL-25939

AZL-25940

AZL-26732

AZL-34543

AZL-34908

AZL-37377

AZL-37481

BDU:2023-07322

BIT-GOLANG-2022-41723

CESA-2023_3083

CESA-2023_6938

CESA-2023_6939

CESA-2023_7058

CVE-2022-41723

ECHO-3986-A6D9-7D93

GHSA-VVPX-J8F3-3W6H

GO-2023-1571

MGASA-2023-0109

OESA-2023-1192

OESA-2024-1139

OESA-2024-1181

OESA-2024-1335

OESA-2024-1380

OESA-2024-1381

OESA-2024-1382

OESA-2024-1406

OESA-2024-1407

OESA-2024-1503

OESA-2024-1504

OESA-2024-1509

OESA-2024-1529

OESA-2024-1530

OESA-2024-1543

OESA-2024-1581

OESA-2025-1059

OESA-2025-1168

OESA-2025-1169

OESA-2025-1170

OPENSUSE-SU-2023_2598-1

OPENSUSE-SU-2023_3868-1

OPENSUSE-SU-2024:12705-1

OPENSUSE-SU-2024:12707-1

OPENSUSE-SU-2024:12708-1

OPENSUSE-SU-2024:12732-1

OPENSUSE-SU-2024:12798-1

OPENSUSE-SU-2024:12809-1

OPENSUSE-SU-2024:12899-1

OPENSUSE-SU-2024:13005-1

OPENSUSE-SU-2024:13109-1

OPENSUSE-SU-2024:13143-1

OPENSUSE-SU-2024_3288-1

OPENSUSE-SU-2024_3656-1

RHSA-2023:1325

RHSA-2023:3083

RHSA-2023:3445

RHSA-2023:3447

RHSA-2023:3450

RHSA-2023:3612

RHSA-2023:4003

RHSA-2023:6346

RHSA-2023:6363

RHSA-2023:6402

RHSA-2023:6473

RHSA-2023:6474

RHSA-2023:6938

RHSA-2023:6939

RHSA-2023:7058

RHSA-2023_3083

RHSA-2023_6346

RHSA-2023_6363

RHSA-2023_6402

RHSA-2023_6473

RHSA-2023_6474

RHSA-2023_6938

RHSA-2023_6939

RHSA-2023_7058

RHSA-2024:0948

SUSE-SU-2023:0733-1

SUSE-SU-2023:0735-1

SUSE-SU-2023:0811-1

SUSE-SU-2023:0812-1

SUSE-SU-2023:0821-1

SUSE-SU-2023:0869-1

SUSE-SU-2023:0871-1

SUSE-SU-2023:2312-1

SUSE-SU-2023:2598-1

SUSE-SU-2023:3867-1

SUSE-SU-2023:3868-1

SUSE-SU-2023:3875-1

SUSE-SU-2023:4124-1

SUSE-SU-2023_0869-1

SUSE-SU-2023_4124-1

SUSE-SU-2024:0191-1

SUSE-SU-2024:0196-1

SUSE-SU-2024:3288-1

SUSE-SU-2024:3656-1

USN-7109-1

USN-7111-1

USN-8089-1

USN-8089-2

USN-8089-3

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Hpack

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2023-6559 · Hpack+11 · Hpack+11

CVE-2022-41723

Weakness Enumeration

Related Identifiers

Affected Products

References · 507