Golang ReverseProxy Denial of Service Vulnerability

Description

Requests forwarded by ReverseProxy included the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value (CVE-2022-2880).

Separately, in Go's regexp handling, the parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory (CVE-2022-41715).
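For the ReverseProxy issue, a guard in front of the proxy can refuse any request whose raw query does not parse, so an unparseable parameter is never forwarded. This is an added example, not code from the advisory or the Go project; `queryParses`, `rejectUnparseableQuery`, `stubBackend`, `probe` and the `backend.invalid` host are assumed names, and the query strings are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// queryParses reports whether net/url can parse every parameter in rawQuery.
func queryParses(rawQuery string) bool {
	_, err := url.ParseQuery(rawQuery)
	return err == nil
}

// rejectUnparseableQuery (hypothetical helper) answers 400 instead of forwarding such a request.
func rejectUnparseableQuery(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !queryParses(r.URL.RawQuery) {
			http.Error(w, "malformed query string", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// stubBackend stands in for the upstream server and notes whether it was reached.
type stubBackend struct{ reached bool }
func (b *stubBackend) RoundTrip(r *http.Request) (*http.Response, error) {
	b.reached = true
	return &http.Response{StatusCode: http.StatusOK, Header: http.Header{}, Body: http.NoBody, Request: r}, nil
}

// probe sends rawQuery through the guarded proxy; returns client status and backend reach.
func probe(rawQuery string) (int, bool) {
	target, _ := url.Parse("http://backend.invalid") // placeholder upstream, never dialed
	proxy, backend := httputil.NewSingleHostReverseProxy(target), &stubBackend{}
	proxy.Transport = backend
	rec := httptest.NewRecorder()
	rejectUnparseableQuery(proxy).ServeHTTP(rec, httptest.NewRequest("GET", "/?"+rawQuery, nil))
	return rec.Code, backend.reached
}

func main() {
	fmt.Println(probe("user=alice"))          // constructed input, well-formed
	fmt.Println(probe("user=alice&role=%zz")) // constructed input, bad percent-escape
}
```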

Affected Applications

Go Programming Language

CVE References

CVE-2022-41715 CVE-2022-2880