CVE-2022-41723

Last Update

10/10/2024

NIST CVE Summary

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Our Official Summary

The CVE exists in CoreDNS, which is used in Kubernetes 1.28.11. It affects only Kubernetes version 1.28.11. For customer workload clusters, the workaround is to use Kubernetes version 1.29+. For a Palette Self Hosted cluster, a future release will upgrade to 1.29+.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

  • Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
  • Palette Enterprise airgap 4.4.18, 4.5.3
  • Palette VerteX 4.5.3
  • Palette Enterprise 4.5.3

Revision History

  • 1.0 08/16/2024 Initial Publication
  • 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
  • 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
  • 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
  • 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products