Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:39427
HistoryFeb 26, 2023 - 12:22 p.m.

Denial Of Service (DoS)

2023-02-2612:22:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
denial of service
github.com/golang/net
hpack decoder
http/2 stream
application crash

EPSS

0.042

Percentile

92.4%

github.com/golang/net is vulnerable to Denial of Service (DoS) attacks. An attacker is able to cause excessive CPU consumption through the HPACK decoder via a small number of maliciously crafted HTTP/2 stream requests, resulting in an application crash.

Affected configurations

Vulners
Node
golangnetRangev0.6.0
OR
-golang.org\/x\/netRangev0.6.0
VendorProductVersionCPE
golangnet*cpe:2.3:a:golang:net:*:*:*:*:*:*:*:*
-golang.org\/x\/net*cpe:2.3:a:-:golang.org\/x\/net:*:*:*:*:*:*:*:*

References