4432 matches found
golang.org/x/net/http2 allows uncontrolled memory consumption
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
Uncontrolled Resource Consumption
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33592 CVE-2021-44716 affecting package jx for versions less than 3.2.236-16
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-39672 CVE-2021-44716 affecting package cri-o for versions less than 1.21.7-2
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
Design/Logic Flaw
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
CVE-2021-44716
CVE-2021-44716 affects Go's net/http implementation: before Go 1.16.12 and 1.17.x before 1.17.5, HTTP/2 header canonicalization can cause uncontrolled memory consumption. The vulnerability is rooted in the header cache behavior. Multiple connected advisories indicate that upgrades resolve the iss...
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:4169-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4169-1 advisory. Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http,...
SUSE SLED15 / SLES15 Security Update : go1.17 (SUSE-SU-2021:4186-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4186-1 advisory. Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.10 security update
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.10 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
FreeBSD : go -- multiple vulnerabilities (720505fe-593f-11ec-9ba8-002324b2fba8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 720505fe-593f-11ec-9ba8-002324b2fba8 advisory. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumptio...
Denial Of Service (DoS)
servicemesh is vulnerable to denial of service. The vulnerability exists due to a lack of check on Envoy's procedure for resetting an HTTP/2 stream, which has O(N^2) complexity...
DEBIAN-CVE-2021-43535
A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...
Armeria path traversal vulnerability
Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol. Armeria is vulnerable to a path traversal vulnerability that stems from a flaw in the software's path validation logic. An attacker could send an HTTP request with a path...