CVE-2022-41721 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-41721 Interim 1 8 2025-02-16T02:53:02Z current 2023-01-19T00:46:06Z 2025-02-16T02:53:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-41721 A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP4 openSUSE Tumbleweed caddy-2.6.3-1.1 go1.18 go1.18-doc go1.18-race go1.19 go1.19-doc go1.19-race caddy-2.6.3-1.1 as a component of openSUSE Tumbleweed go1.18 as a component of SUSE Enterprise Storage 7.1 go1.18-doc as a component of SUSE Enterprise Storage 7.1 go1.18-race as a component of SUSE Enterprise Storage 7.1 go1.19 as a component of SUSE Enterprise Storage 7.1 go1.19-doc as a component of SUSE Enterprise Storage 7.1 go1.19-race as a component of SUSE Enterprise Storage 7.1 go1.18 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS go1.18-doc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS go1.18-race as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS go1.19 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS go1.19-doc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS go1.19-race as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS go1.18 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.18-doc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.18-race as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.19 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.19-doc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.19-race as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.18 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.18-doc as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.18-race as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.19 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.19-doc as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.19-race as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.18 as a component of SUSE Linux Enterprise Real Time 15 SP3 go1.18-doc as a component of SUSE Linux Enterprise Real Time 15 SP3 go1.18-race as a component of SUSE Linux Enterprise Real Time 15 SP3 go1.19 as a component of SUSE Linux Enterprise Real Time 15 SP3 go1.19-doc as a component of SUSE Linux Enterprise Real Time 15 SP3 go1.19-race as a component of SUSE Linux Enterprise Real Time 15 SP3 go1.18 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 go1.18-doc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 go1.18-race as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 go1.19 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 go1.19-doc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 go1.19-race as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests. CVE-2022-41721 openSUSE Tumbleweed:caddy-2.6.3-1.1 SUSE Enterprise Storage 7.1:go1.18 SUSE Enterprise Storage 7.1:go1.18-doc SUSE Enterprise Storage 7.1:go1.18-race SUSE Enterprise Storage 7.1:go1.19 SUSE Enterprise Storage 7.1:go1.19-doc SUSE Enterprise Storage 7.1:go1.19-race SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-doc SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.18-race SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.19 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.19-doc SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:go1.19-race SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-doc SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.18-race SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.19 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.19-doc SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.19-race SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18 SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19 SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race SUSE Linux Enterprise Real Time 15 SP3:go1.18 SUSE Linux Enterprise Real Time 15 SP3:go1.18-doc SUSE Linux Enterprise Real Time 15 SP3:go1.18-race SUSE Linux Enterprise Real Time 15 SP3:go1.19 SUSE Linux Enterprise Real Time 15 SP3:go1.19-doc SUSE Linux Enterprise Real Time 15 SP3:go1.19-race SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18 SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-doc SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.18-race SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.19 SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.19-doc SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.19-race important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H