PT-2023-9031 · Golang+11

Bartek Nowotarski · Published 2023-07-11 · Updated 2026-02-18 · CVE-2023-29406

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Golang (affected versions not specified)

Description: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. The issue allows a remote attacker to execute arbitrary code by exploiting the vulnerability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
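
Added example (not part of the original advisory and not the Go project's code): an application-side check that validates a host value before it is assigned to Request.Host, for code that derives the Host header from untrusted input. The helper names, the allowlist and the sample hosts are assumptions of this example; the allowlist is deliberately conservative and is not the table used by the Go fix.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// ErrInvalidHost is returned when a host value contains bytes outside the allowlist.
var ErrInvalidHost = errors.New("invalid Host value")

// ValidHostValue reports whether host contains only bytes from a conservative
// allowlist (an assumption of this example, not the exact table used by the Go fix).
func ValidHostValue(host string) bool {
	if host == "" || len(host) > 255 {
		return false
	}
	for i := 0; i < len(host); i++ {
		c := host[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case c == '.', c == '-', c == '_', c == ':', c == '[', c == ']':
		default:
			return false // CR, LF, space, tab, NUL and every other byte
		}
	}
	return true
}

// NewRequestWithHost (hypothetical helper) builds a request and sets Request.Host
// only after the override has passed validation.
func NewRequestWithHost(method, url, hostOverride string) (*http.Request, error) {
	if !ValidHostValue(hostOverride) {
		return nil, fmt.Errorf("%w: %q", ErrInvalidHost, hostOverride)
	}
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return nil, err
	}
	req.Host = hostOverride
	return req, nil
}

func main() {
	hosts := []string{"api.example.test:8443", "[::1]:8080", "example.test\r\nX-Injected: 1"} // constructed samples
	for _, h := range hosts {
		_, err := NewRequestWithHost("GET", "http://backend.example.test/", h)
		fmt.Printf("%q -> %v\n", h, err)
	}
}
```

Rejecting the value before the request object exists keeps the check independent of which Go toolchain version built the binary.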

Weakness Enumeration

Related Identifiers

ALSA-2023:6346
ALSA-2023:6363
ALSA-2023:6402
ALSA-2023:6473
ALSA-2023:6474
ALSA-2023:6938
ALSA-2023:6939
ALSA-2023:7202
ALT-PU-2023-4358
ALT-PU-2023-4359
ALT-PU-2023-4360
ALT-PU-2023-4736
ALT-PU-2023-4785
ALT-PU-2023-5492
ALT-PU-2023-7055
AZL-27410
AZL-28831
AZL-37418
AZL-37420
AZL-52711
AZL-79070
BDU:2024-03155
BIT-GOLANG-2023-29406
CESA-2023_5721
CESA-2023_6938
CESA-2023_6939
CESA-2023_7202
CVE-2023-29406
GO-2023-1878
INFBA-2024_3053
OESA-2023-1498
OESA-2023-1499
OESA-2023-1500
OESA-2023-1501
OESA-2023-1502
OESA-2024-1581
OESA-2024-1582
OESA-2024-1584
OESA-2024-1643
OESA-2025-1185
OPENSUSE-SU-2023_3002-1
OPENSUSE-SU-2023_3841-1
OPENSUSE-SU-2024:13046-1
OPENSUSE-SU-2024:13074-1
OPENSUSE-SU-2024_3656-1
RHSA-2023:5721
RHSA-2023:5738
RHSA-2023:5965
RHSA-2023:6298
RHSA-2023:6346
RHSA-2023:6363
RHSA-2023:6402
RHSA-2023:6473
RHSA-2023:6474
RHSA-2023:6818
RHSA-2023:6840
RHSA-2023:6938
RHSA-2023:6939
RHSA-2023:7202
RHSA-2023_5721
RHSA-2023_5738
RHSA-2023_6346
RHSA-2023_6363
RHSA-2023_6402
RHSA-2023_6473
RHSA-2023_6474
RHSA-2023_6938
RHSA-2023_6939
RHSA-2023_7202
RHSA-2024:0293
RLSA-2023:6818
RLSA-2023:7202
SUSE-SU-2023:2845-1
SUSE-SU-2023:2846-1
SUSE-SU-2023:3002-1
SUSE-SU-2023:3841-1
SUSE-SU-2023_2845-1
SUSE-SU-2023_2846-1
SUSE-SU-2023_3002-1
SUSE-SU-2023_3841-1
SUSE-SU-2024:3656-1
USN-7061-1
USN-7109-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Golang
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu