
CVE-2022-2529: Multiple DoS Attack Vectors in sflow packet handling

The sflow decode package does not sufficiently sanitise packets, which can lead to a denial of service attack. Attackers can craft malformed packets that cause the process to consume large amounts of memory, resulting in a denial of service.


Package

gomod github.com/cloudflare/goflow (Go)

Affected versions

< 3.4.4

Description

Impact

The sflow decode package is vulnerable to a denial of service attack. Attackers can craft malformed packets that cause the process to consume huge amounts of memory, resulting in a denial of service.
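The kind of sanitisation the advisory says was missing, as an added example: this is not goflow's code or the 3.4.4 patch, and the advisory does not say which fields were involved. It assumes the standard sFlow v5 datagram layout (header, sample count, then records with a 4-byte format and 4-byte length); `Sample`, `DecodeSamples` and the packet in `main` are hypothetical or constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

type Sample struct { // one sFlow v5 sample record
	Format uint32
	Body   []byte
}

var errMalformed = errors.New("malformed sflow datagram")
var u32 = binary.BigEndian.Uint32

// DecodeSamples (hypothetical name) checks every count and length read from the
// wire against the bytes actually present before allocating or slicing.
func DecodeSamples(pkt []byte) ([]Sample, error) {
	if len(pkt) < 8 || u32(pkt) != 5 {
		return nil, errMalformed
	}
	addrLen, ok := map[uint32]int{1: 4, 2: 16}[u32(pkt[4:])] // IPv4 or IPv6 agent
	off := 8 + addrLen + 12 // skip sub-agent id, sequence number, uptime
	if !ok || len(pkt) < off+4 {
		return nil, errMalformed
	}
	count, rest := u32(pkt[off:]), pkt[off+4:]
	// A record has an 8-byte header, so count can never exceed len(rest)/8.
	if uint64(count) > uint64(len(rest)/8) {
		return nil, errMalformed
	}
	samples := make([]Sample, 0, count) // bounded by the datagram size, not the claim
	for i := uint32(0); i < count; i++ {
		if len(rest) < 8 || uint64(u32(rest[4:])) > uint64(len(rest)-8) {
			return nil, errMalformed
		}
		end := 8 + int(u32(rest[4:]))
		samples = append(samples, Sample{Format: u32(rest), Body: rest[8:end]})
		rest = rest[end:]
	}
	return samples, nil
}

func main() {
	pkt := make([]byte, 28) // constructed: IPv4-agent header with no sample data
	pkt[3], pkt[7] = 5, 1   // version 5, agent address type IPv4
	copy(pkt[24:], []byte{0xff, 0xff, 0xff, 0xff}) // header claims ~4 billion samples
	fmt.Println(DecodeSamples(pkt))
}
```

Without the count check, `make` would size its allocation from the attacker-supplied field rather than from the bytes received.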

Patches

Version 3.4.4 contains patches fixing this.

Workarounds

A possible workaround is to not have your goflow collector publicly reachable.

For more information

If you have any questions or comments about this advisory:

  • Open an issue in the goflow repo (https://github.com/cloudflare/goflow)
  • Email us at netdev[@]cloudflare.com

Related news

GHSA-9rpw-2h95-666c: Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package

