Gostandardlibrary Nethttp
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Gostandardlibrary Nethttp.
By the Year
In 2026 there have been 0 vulnerabilities in Gostandardlibrary Nethttp. Nethttp did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.50 |
It may take a day or so for new Nethttp vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gostandardlibrary Nethttp Security Vulnerabilities
Go HTTP/2 CONTINUATION frame DoS by excessive header parsing
CVE-2023-45288
7.5 - High
- April 04, 2024
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gostandardlibrary Nethttp or by Gostandardlibrary? Click the Watch button to subscribe.
