CVE-2026-27141
- EPSS 0.02%
- Published 26.02.2026 18:50:31
- Last modified 27.02.2026 20:21:37
Due to a missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic.
CVE-2023-45288
- EPSS 71.46%
- Published 04.04.2024 21:15:16
- Last modified 04.11.2025 19:16:01
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When...
CVE-2023-39325
- EPSS 0.15%
- Published 11.10.2023 22:15:09
- Last modified 21.11.2024 08:15:09
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-prog...
CVE-2023-44487
- EPSS 94.39%
- Published 10.10.2023 14:15:10
- Last modified 07.11.2025 19:00:41
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-41723
- EPSS 0.27%
- Published 28.02.2023 18:15:09
- Last modified 05.05.2025 16:15:20
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
CVE-2022-41717
- EPSS 0.33%
- Published 08.12.2022 20:15:10
- Last modified 21.11.2024 07:23:43
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending v...