Vulnerabilities > Golang > Http2 > 0.5.0

DATE CVE VULNERABILITY TITLE RISK
2023-10-11 CVE-2023-39325 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption.
network
low complexity
golang fedoraproject netapp CWE-770
7.5
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-02-28 CVE-2022-41723 Unspecified vulnerability in Golang GO
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
network
low complexity
golang
7.5