Vulnerabilities > Golang > Http2

DATE CVE VULNERABILITY TITLE RISK
2023-10-11 CVE-2023-39325 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption.
network
low complexity
golang fedoraproject netapp CWE-770
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-02-28 CVE-2022-41723 Unspecified vulnerability in Golang GO
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
network
low complexity
golang
7.5
2022-12-08 CVE-2022-41717 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.
network
low complexity
golang fedoraproject CWE-770
5.3