1 results (0.009 seconds)
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-41723 – Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
https://notcve.org/view.php?id=CVE-2022-41723
28 Feb 2023 — A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests. Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial ... • https://go.dev/cl/468135 • CWE-400: Uncontrolled Resource Consumption •