GHSA-hgr8-6h9x-f7q9

Source

https://github.com/advisories/GHSA-hgr8-6h9x-f7q9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hgr8-6h9x-f7q9/GHSA-hgr8-6h9x-f7q9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hgr8-6h9x-f7q9

Aliases

Related

Published

2022-05-24T16:53:17Z

Modified

2024-09-11T06:13:30.918700Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

golang.org/x/net/http vulnerable to ping floods

Details

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Specific Go Packages Affected

golang.org/x/net/http2

References

Affected packages

Go / golang.org/x/net

Package

Name: golang.org/x/net; View open source insights on deps.dev
Purl: pkg:golang/golang.org/x/net

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.0-20190813141303-74dc4d7220e7