Lucene search
K

5 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5303 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2023/10/11 9:15 p.m.3204 views

CVE-2023-39325

CVE-2023-39325 describes a DoS in HTTP/2 handling where a malicious client rapidly creates and resets requests, potentially exhausting server resources. The fix tightens per-connection concurrency handling: servers bound the number of executing handler goroutines to the stream-concurrency limit (...

7.5CVSS7.3AI score0.03796EPSS
CVE
CVE
added 2022/12/08 7:3 p.m.872 views

CVE-2022-41717

CVE-2022-41717 affects Go HTTP/2 servers by allowing an attacker to trigger excessive memory growth via oversized header keys. The vulnerability stems from the HTTP/2 header key cache, which can allocate about 64 MiB per open connection when handling large keys. Several connected advisories confi...

5.3CVSS6.8AI score0.05623EPSS
CVE
CVE
added 2023/02/28 5:19 p.m.714 views

CVE-2022-41723

CVE-2022-41723 describes a denial-of-service in the HPACK decoder triggered by a malicious HTTP/2 stream, causing excessive CPU use. Public documents list affected ecosystems across Go HTTP/2/x/net implementations and various distributions (e.g., Red Hat OpenStack platforms, Astra Linux, CBLMarin...

7.5CVSS7.7AI score0.04561EPSS
CVE
CVE
added 2026/05/07 7:41 p.m.95 views

CVE-2026-33814

CVE-2026-33814 describes an infinite loop in HTTP/2 transport when a SETTINGS_MAX_FRAME_SIZE value of 0 is processed in net/http/internal/http2 (golang.org/x/net). Affected component is the HTTP/2 transport; root cause is improper handling of SETTINGS frames causing repeated CONTINUATION frames, ...

7.5CVSS5.8AI score0.00781EPSS