The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Golang
  • Go
Redhat
  • Advanced Cluster Security
  • Cryostat
  • Enterprise Linux
  • Logging
  • Migration Toolkit Applications
  • Network Observ Optr
  • Openshift
  • Openshift Api Data Protection
  • Openshift Data Foundation
  • Openshift Distributed Tracing
  • Openshift Secondary Scheduler
  • Openshift Serverless
  • Openstack
  • Rhmt
  • Run Once Duration Override Operator
  • Satellite
  • Serverless
  • Service Telemetry Framework

Configuration 1 [-]

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Cryostat 2 on RHEL 8
cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11 cpe:/a:redhat:cryostat:2::el8 RHSA-2023:6031 2023-10-23T00:00:00Z
MTA-6.2-RHEL-8
mta/mta-rhel8-operator:6.2.2-3 cpe:/a:redhat:migration_toolkit_applications:6.2::el8 RHSA-2024:1027 2024-02-28T00:00:00Z
MTA-6.2-RHEL-9
mta/mta-hub-rhel9:6.2.2-2 cpe:/a:redhat:migration_toolkit_applications:6.2::el9 RHSA-2024:1027 2024-02-28T00:00:00Z
mta/mta-operator-bundle:6.2.2-5 cpe:/a:redhat:migration_toolkit_applications:6.2::el9 RHSA-2024:1027 2024-02-28T00:00:00Z
mta/mta-pathfinder-rhel9:6.2.2-2 cpe:/a:redhat:migration_toolkit_applications:6.2::el9 RHSA-2024:1027 2024-02-28T00:00:00Z
mta/mta-ui-rhel9:6.2.2-2 cpe:/a:redhat:migration_toolkit_applications:6.2::el9 RHSA-2024:1027 2024-02-28T00:00:00Z
mta/mta-windup-addon-rhel9:6.2.2-3 cpe:/a:redhat:migration_toolkit_applications:6.2::el9 RHSA-2024:1027 2024-02-28T00:00:00Z
NETWORK-OBSERVABILITY-1.4.0-RHEL-9
network-observability/network-observability-rhel9-operator:v1.4.0-51 cpe:/a:redhat:network_observ_optr:1.4.0::el9 RHSA-2023:5974 2023-10-20T00:00:00Z
OADP-1.1-RHEL-8
oadp/oadp-velero-rhel8:1.1.7-6 cpe:/a:redhat:openshift_api_data_protection:1.1::el8 RHSA-2023:6115 2023-10-25T00:00:00Z
Openshift Serverless 1 on RHEL 8
openshift-serverless-clients-0:1.9.2-4.el8 cpe:/a:redhat:serverless:1.0::el8 RHSA-2023:6298 2023-11-03T00:00:00Z
OSSO-1.1-RHEL-8
openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-37 cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8 RHSA-2023:5933 2023-10-26T00:00:00Z
Red Hat Advanced Cluster Security 4.4
advanced-cluster-security/rhacs-main-rhel8:4.4.0-17 cpe:/a:redhat:advanced_cluster_security:4.4::el8 RHSA-2024:1570 2024-03-28T00:00:00Z
Red Hat Enterprise Linux 8
git-lfs-0:3.4.1-1.el8 cpe:/a:redhat:enterprise_linux:8 RHBA-2024:3053 2024-05-22T00:00:00Z
go-toolset:rhel8-8080020231013004859.6b4b45d8 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:5721 2023-10-16T00:00:00Z
container-tools:4.0-8090020230828093056.e7857ab1 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:6938 2023-11-14T00:00:00Z
container-tools:rhel8-8090020230825121312.e7857ab1 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:6939 2023-11-14T00:00:00Z
container-tools:4.0-8090020231009143402.d7b6f4b7 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:7202 2023-11-14T00:00:00Z
Red Hat Enterprise Linux 9
git-lfs-0:3.4.1-1.el9 cpe:/a:redhat:enterprise_linux:9 RHBA-2024:2274 2024-04-30T00:00:00Z
golang-0:1.19.13-1.el9_2 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:5738 2023-10-16T00:00:00Z
toolbox-0:0.0.99.4-6.el9_3 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:6346 2023-11-07T00:00:00Z
skopeo-2:1.13.3-1.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:6363 2023-11-07T00:00:00Z
containernetworking-plugins-1:1.3.0-4.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:6402 2023-11-07T00:00:00Z
buildah-1:1.31.3-1.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:6473 2023-11-07T00:00:00Z
podman-2:4.6.1-5.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:6474 2023-11-07T00:00:00Z
Red Hat Migration Toolkit for Containers 1.7
rhmtc/openshift-velero-plugin-rhel8:v1.7.14-3 cpe:/a:redhat:rhmt:1.7::el8 RHSA-2023:6161 2023-10-30T00:00:00Z
Red Hat OpenShift Container Platform 4.14
openshift-clients-0:4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el8 cpe:/a:redhat:openshift:4.14::el8 RHSA-2023:6840 2023-11-15T00:00:00Z
openshift-0:4.14.0-202401121302.p0.ge36e183.assembly.stream.el9 cpe:/a:redhat:openshift:4.14::el8 RHSA-2024:0293 2024-01-23T00:00:00Z
Red Hat OpenShift distributed tracing 2
jaeger-agent-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
jaeger-all-in-one-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
jaeger-collector-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
jaeger-es-index-cleaner-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
jaeger-es-rollover-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
jaeger-ingester-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
jaeger-operator-bundle-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
jaeger-operator-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
jaeger-query-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
opentelemetry-collector-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
opentelemetry-operator-bundle-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
opentelemetry-operator-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
tempo-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
tempo-gateway-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
tempo-gateway-opa-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
tempo-operator-bundle-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
tempo-operator-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
tempo-query-container cpe:/a:redhat:openshift_distributed_tracing:2.9::el8 RHSA-2023:6085 2023-10-24T00:00:00Z
Red Hat OpenShift Serverless 1.30
openshift-serverless-1/client-kn-rhel8:1.9.2-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-controller-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.9.0-9 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.9.0-9 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.9.0-9 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.9.0-9 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.9.0-9 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-mtping-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-storage-version-migration-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/eventing-webhook-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/func-utils-rhel8:1.30.2-2 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/ingress-rhel8-operator:1.30.2-3 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/knative-rhel8-operator:1.30.2-3 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/kn-cli-artifacts-rhel8:1.9.2-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/kourier-control-rhel8:1.9.0-5 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/net-istio-controller-rhel8:1.9.0-5 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/net-istio-webhook-rhel8:1.9.0-5 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serverless-operator-bundle:1.30.2-2 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serverless-rhel8-operator:1.30.2-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-activator-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-autoscaler-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-controller-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-domain-mapping-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-queue-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-storage-version-migration-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/serving-webhook-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1/svls-must-gather-rhel8:1.30.2-1 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.9.0-4 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8:1.30.0-8 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.30.0-9 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.30.0-9 cpe:/a:redhat:openshift_serverless:1.30::el8 RHSA-2023:6296 2023-11-02T00:00:00Z
Red Hat OpenStack Platform 16.2
rhosp-rhel8/osp-director-agent:1.3.0-10 cpe:/a:redhat:openstack:16.2::el8 RHSA-2023:5935 2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-downloader:1.3.0-11 cpe:/a:redhat:openstack:16.2::el8 RHSA-2023:5935 2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-operator:1.3.0-9 cpe:/a:redhat:openstack:16.2::el8 RHSA-2023:5935 2023-10-19T00:00:00Z
rhosp-rhel8/osp-director-operator-bundle:1.3.0-19 cpe:/a:redhat:openstack:16.2::el8 RHSA-2023:5935 2023-10-19T00:00:00Z
etcd-0:3.3.23-15.el8ost cpe:/a:redhat:openstack:16.2::el8 RHSA-2023:5965 2023-10-20T00:00:00Z
Red Hat Satellite 6.14 for RHEL 8
yggdrasil-worker-forwarder-0:0.0.3-1.el8sat cpe:/a:redhat:satellite:6.14::el8 RHSA-2023:6818 2023-11-08T00:00:00Z
RHODF-4.15-RHEL-9
odf4/cephcsi-rhel9:v4.15.0-37 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
RHOL-5.6-RHEL-8
openshift-logging/logging-loki-rhel8:v2.9.2-2 cpe:/a:redhat:logging:5.6::el8 RHSA-2023:5541 2023-10-20T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/logging-loki-rhel8:v2.9.2-1 cpe:/a:redhat:logging:5.7::el8 RHSA-2023:5530 2023-10-20T00:00:00Z
RODOO-1.0-RHEL-8
run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30 cpe:/a:redhat:run_once_duration_override_operator:1.0::el8 RHSA-2023:5947 2023-10-26T00:00:00Z
STF-1.5-RHEL-8
stf/prometheus-webhook-snmp-rhel8:1.5.2-8 cpe:/a:redhat:service_telemetry_framework:1.5::el8 RHSA-2023:5976 2023-10-20T00:00:00Z
stf/service-telemetry-operator-bundle:1.5.1697612918-1 cpe:/a:redhat:service_telemetry_framework:1.5::el8 RHSA-2023:5976 2023-10-20T00:00:00Z
stf/service-telemetry-rhel8-operator:1.5.1-8 cpe:/a:redhat:service_telemetry_framework:1.5::el8 RHSA-2023:5976 2023-10-20T00:00:00Z
stf/sg-bridge-rhel8:1.5.0-18 cpe:/a:redhat:service_telemetry_framework:1.5::el8 RHSA-2023:5976 2023-10-20T00:00:00Z
stf/sg-core-rhel8:5.1.1-8 cpe:/a:redhat:service_telemetry_framework:1.5::el8 RHSA-2023:5976 2023-10-20T00:00:00Z
stf/smart-gateway-operator-bundle:5.0.1697612918-1 cpe:/a:redhat:service_telemetry_framework:1.5::el8 RHSA-2023:5976 2023-10-20T00:00:00Z
stf/smart-gateway-rhel8-operator:5.0.1-9 cpe:/a:redhat:service_telemetry_framework:1.5::el8 RHSA-2023:5976 2023-10-20T00:00:00Z
References
Link Providers
https://go.dev/cl/506996 cve-icon cve-icon
https://go.dev/issue/60374 cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-29406 cve-icon
https://pkg.go.dev/vuln/GO-2023-1878 cve-icon cve-icon
https://security.gentoo.org/glsa/202311-09 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20230814-0002/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-29406 cve-icon
History

Thu, 07 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 08 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Distributed Tracing
CPEs cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products Redhat openshift Distributed Tracing

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products Redhat openshift Distributed Tracing
cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published:

Updated: 2025-02-13T16:49:14.579Z

Reserved: 2023-04-05T19:36:35.043Z

Link: CVE-2023-29406

cve-icon Vulnrichment

Updated: 2024-08-02T14:07:45.735Z

cve-icon NVD

Status : Modified

Published: 2023-07-11T20:15:10.643

Modified: 2024-11-21T07:56:59.913

Link: CVE-2023-29406

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-07-11T00:00:00Z

Links: CVE-2023-29406 - Bugzilla