CVE-2023-45288
- EPSS 66.64%
- Published 04.04.2024 21:15:16
- Last modified 21.11.2024 08:26:42
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When...
CVE-2023-39325
- EPSS 0.15%
- Published 11.10.2023 22:15:09
- Last modified 21.11.2024 08:15:09
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-prog...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-41723
- EPSS 0.23%
- Published 28.02.2023 18:15:09
- Last modified 05.05.2025 16:15:20
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
CVE-2022-41717
- EPSS 0.44%
- Published 08.12.2022 20:15:10
- Last modified 21.11.2024 07:23:43
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending v...