Vulnerabilities > Golang > Http2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-11 | CVE-2023-39325 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. | 7.5 |
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-02-28 | CVE-2022-41723 | Unspecified vulnerability in Golang GO A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | 7.5 |
2022-12-08 | CVE-2022-41717 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. | 5.3 |