CVSS3: 5.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | LOW |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS: 0.003 Low (Percentile: 68.9%)

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Name | Operator | Version |
---|---|---|
golang.org/x/net/http2 | lt | 0.4.0 |
golang.org/x/net | lt | 0.4.0 |

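
A defender's check for the affected range in the table above, as an added example that is not part of the original advisory: it scans `go.mod` text for a `golang.org/x/net` requirement below v0.4.0. The function names and the sample `go.mod` content are constructed for illustration; `replace` directives and vendored copies are not examined.

```go
package main

import "strconv"
import "strings"

var fixed = [3]int{0, 4, 0} // affected range per the table above: lt 0.4.0

// affected reports whether a module version (tag or pseudo-version) sorts
// below the fixed release; unparseable versions return true for manual review.
func affected(version string) bool {
	core, pre := strings.TrimPrefix(version, "v"), false
	if i := strings.IndexAny(core, "-+"); i >= 0 {
		pre, core = core[i] == '-', core[:i] // "-" suffix sorts below its core version
	}
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return true
	}
	diff := 0
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return true
		}
		if diff == 0 {
			diff = n - fixed[i] // keep the first component that differs
		}
	}
	return diff < 0 || (diff == 0 && pre)
}

// scanGoMod returns the affected golang.org/x/net versions required in go.mod text.
func scanGoMod(gomod string) []string {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == "golang.org/x/net" && affected(f[1]) {
			hits = append(hits, f[1])
		}
	}
	return hits
}

func main() {
	// Constructed sample go.mod content, not taken from any real project.
	for _, v := range scanGoMod("require (\n\tgolang.org/x/net v0.2.0 // indirect\n)\n") {
		println("golang.org/x/net", v, "is below v0.4.0")
	}
}
```

Pseudo-versions such as `v0.0.0-<timestamp>-<commit>` compare by their leading `major.minor.patch`, so older untagged pins are flagged as well.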
cs.opensource.google/go/x/net
go.dev/cl/455635
go.dev/cl/455717
go.dev/issue/56350
groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
lists.fedoraproject.org/archives/list/[email protected]/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2
lists.fedoraproject.org/archives/list/[email protected]/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP
lists.fedoraproject.org/archives/list/[email protected]/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4
lists.fedoraproject.org/archives/list/[email protected]/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR
lists.fedoraproject.org/archives/list/[email protected]/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG
lists.fedoraproject.org/archives/list/[email protected]/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
lists.fedoraproject.org/archives/list/[email protected]/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB
lists.fedoraproject.org/archives/list/[email protected]/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
lists.fedoraproject.org/archives/list/[email protected]/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522
lists.fedoraproject.org/archives/list/[email protected]/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR
lists.fedoraproject.org/archives/list/[email protected]/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT
lists.fedoraproject.org/archives/list/[email protected]/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS
lists.fedoraproject.org/archives/list/[email protected]/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD
lists.fedoraproject.org/archives/list/[email protected]/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU
lists.fedoraproject.org/archives/list/[email protected]/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI
lists.fedoraproject.org/archives/list/[email protected]/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I
lists.fedoraproject.org/archives/list/[email protected]/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV
nvd.nist.gov/vuln/detail/CVE-2022-41717
pkg.go.dev/vuln/GO-2022-1144
security.gentoo.org/glsa/202311-09