2 matches found
Exploit for Uncontrolled Resource Consumption in Ietf Http
CVE-2023-44487 and http2-rst-stream-attacker CVE-2023-4448...
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...