CVSS: 7.8EPSS: 36%CPEs: 8EXPL: 0CVE-2023-39325 – HTTP/2 rapid reset can cause excessive work in net/http
https://notcve.org/view.php?id=CVE-2023-39325
11 Oct 2023 — A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). N... • https://go.dev/cl/534215 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2022-28948 – golang-gopkg-yaml: crash when attempting to deserialize invalid input
https://notcve.org/view.php?id=CVE-2022-28948
19 May 2022 — An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. Un problema en la función Unmarshal de Go-Yaml versión v3, causa el bloqueo del programa cuando intenta de serializar una entrada no válida A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability. New Cryostat 2.1.1 on RHEL 8... • https://github.com/go-yaml/yaml/issues/666 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24921 – golang: regexp: stack exhaustion via a deeply nested expression
https://notcve.org/view.php?id=CVE-2022-24921
05 Mar 2022 — regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. El archivo regexp.Compile en Go versiones anteriores a 1.16.15 y versiones 1.17.x anteriores a 1.17.8, permite un agotamiento de la pila por medio de una expresión profundamente anidada A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient ... • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •