golang is vulnerable to denial of service. The vulnerability exists due to an uncontrolled resource consumption flaw in golang’s net/http library in the canonicalHeader() function which allows an attacker to submits maliciously crafted requests to applications linked with net/http’s http2 functionality and crash the system.