{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/vex/2023/cve-2023-39326-els_os-centos8_5els.json" } ], "tracking": { "current_release_date": "2026-04-08T20:40:27Z", "generator": { "date": "2026-04-08T20:40:33Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2023-39326-ELS_OS-CENTOS8.5ELS", "initial_release_date": "2023-12-06T17:15:00Z", "revision_history": [ { "date": "2023-12-06T17:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-08T20:10:44Z", "number": "2", "summary": "Official Publication" }, { "date": "2026-04-08T20:40:27Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "3" }, "title": "Security update on CVE-2023-39326" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.x86_64", "product": { "name": "pam-0:1.3.1-15.el8.x86_64", "product_id": "pam-0:1.3.1-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/centos/pam@1.3.1-15.el8?arch=x86_64" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.x86_64", "product": { "name": "pam-devel-0:1.3.1-15.el8.x86_64", "product_id": "pam-devel-0:1.3.1-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/centos/pam-devel@1.3.1-15.el8?arch=x86_64" } } }, { "category": "product_version", "name": "tar-2:1.30-5.el8.x86_64", "product": { "name": "tar-2:1.30-5.el8.x86_64", "product_id": "tar-2:1.30-5.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/centos/tar@1.30-5.el8?arch=x86_64&epoch=2" } } }, { "category": "product_version", "name": "libstdc++-devel-0:8.5.0-4.el8_5.x86_64", "product": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.x86_64", "product_id": "libstdc++-devel-0:8.5.0-4.el8_5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/centos/libstdc++-devel@8.5.0-4.el8_5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.i686", "product": { "name": "pam-0:1.3.1-15.el8.i686", "product_id": "pam-0:1.3.1-15.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/centos/pam@1.3.1-15.el8?arch=i686" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.i686", "product": { "name": "pam-devel-0:1.3.1-15.el8.i686", "product_id": "pam-devel-0:1.3.1-15.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/centos/pam-devel@1.3.1-15.el8?arch=i686" } } }, { "category": "product_version", "name": "libstdc++-devel-0:8.5.0-4.el8_5.i686", "product": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.i686", "product_id": "libstdc++-devel-0:8.5.0-4.el8_5.i686", "product_identification_helper": { "purl": "pkg:rpm/centos/libstdc++-devel@8.5.0-4.el8_5?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.5", "product": { "name": "Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "tar-2:1.30-5.el8.tuxcare.els1.x86_64", "product": { "name": "tar-2:1.30-5.el8.tuxcare.els1.x86_64", "product_id": "tar-2:1.30-5.el8.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/tar@1.30-5.el8.tuxcare.els1?arch=x86_64&epoch=2" } } }, { "category": "product_version", "name": "tar-2:1.30-5.el8.tuxcare.els2.x86_64", "product": { "name": "tar-2:1.30-5.el8.tuxcare.els2.x86_64", "product_id": "tar-2:1.30-5.el8.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/tar@1.30-5.el8.tuxcare.els2?arch=x86_64&epoch=2" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els2?arch=i686" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els2?arch=i686" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "CloudLinux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "product": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "product_id": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libstdc++-devel@8.5.0-4.el8_5.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "product": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "product_id": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libstdc++-devel@8.5.0-4.el8_5.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64" }, "product_reference": "pam-0:1.3.1-15.el8.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.i686" }, "product_reference": "pam-0:1.3.1-15.el8.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686" }, "product_reference": "pam-devel-0:1.3.1-15.el8.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64" }, "product_reference": "pam-devel-0:1.3.1-15.el8.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "tar-2:1.30-5.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els1.x86_64" }, "product_reference": "tar-2:1.30-5.el8.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "tar-2:1.30-5.el8.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:tar-2:1.30-5.el8.x86_64" }, "product_reference": "tar-2:1.30-5.el8.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "tar-2:1.30-5.el8.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els2.x86_64" }, "product_reference": "tar-2:1.30-5.el8.tuxcare.els2.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686" }, "product_reference": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.i686" }, "product_reference": "libstdc++-devel-0:8.5.0-4.el8_5.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64" }, "product_reference": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.x86_64" }, "product_reference": "libstdc++-devel-0:8.5.0-4.el8_5.x86_64", "relates_to_product_reference": "CentOS-8.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39326", "notes": [ { "category": "description", "text": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els1.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els2.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-39326" }, { "category": "external", "summary": "https://go.dev/cl/547335", "url": "https://go.dev/cl/547335" }, { "category": "external", "summary": "https://go.dev/issue/64433", "url": "https://go.dev/issue/64433" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2382", "url": "https://pkg.go.dev/vuln/GO-2023-2382" } ], "release_date": "2023-12-06T17:15:00Z", "remediations": [ { "category": "no_fix_planned", "details": "This issue only affects Go-based services using net/http with HTTP/1.1 chunked transfer encoding and chunk extensions, and its effect is limited to read amplification (the server may automatically read up to ~1 GiB more data) without any confidentiality or integrity impact. Exploitation further depends on a specific precondition—that a handler does not fully consume the request body—and chunk extensions are uncommon and typically stripped by HTTP intermediaries that normalize or dechunk traffic, which constrains practical exploitability in managed server/VM environments. It is already remediated in maintained Go releases (1.20.12/1.21.5 and later), so this CVE can be safely deprioritized.", "product_ids": [ "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els1.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els2.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.x86_64" ] }, { "category": "no_fix_planned", "details": "CVE-2023-39326 only applies to Go’s net/http when parsing HTTP/1.1 chunked bodies with chunk extensions and has a resource-only effect (excess network reads, up to ~1 GiB auto-drain) with no code execution or integrity impact, and server-side abuse further requires a handler that returns without fully reading the request body. In architectures that terminate or normalize HTTP at a reverse proxy or use HTTP/2/HTTP/3, chunk extensions are not propagated to backends, making practical exploitation unlikely. Given these protocol and handler preconditions plus the limited impact scope, this can be safely deprioritized in managed enterprise VM/server environments.", "product_ids": [ "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els1.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els2.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els1.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.tuxcare.els2.x86_64", "CentOS-8.5:tar-2:1.30-5.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }