GoLang Http2


By the Year

In 2023 there has been 1 vulnerability in GoLang Http2, with an average score of 7.5 out of ten. Last year Http2 had 1 security vulnerability published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2023 is greater by 2.20.

Year | Vulnerabilities | Average Score
2023 | 1 | 7.50
2022 | 1 | 5.30
2021 | 0 | 0.00
2020 | 0 | 0.00
2019 | 0 | 0.00
2018 | 0 | 0.00

It may take a day or so for new Http2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent GoLang Http2 Security Vulnerabilities

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service

CVE-2022-41723 7.5 - High - February 28, 2023

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

CVE-2022-41717 5.3 - Medium - December 08, 2022

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Allocation of Resources Without Limits or Throttling
