Vulnerability Report: GO-2022-0288
- CVE-2021-44716, GHSA-vc3p-29h2-gpcp
- Affects: net/http, golang.org/x/net
- Published: Jul 15, 2022
- Modified: Jun 12, 2023
An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests.
Affected Packages
-
PathVersionsSymbols
-
before go1.16.12, from go1.17.0-0 before go1.17.5all symbols
-
before v0.0.0-20211209124913-491a49abca63
Aliases
References
- https://go.dev/cl/369794
- https://go.dev/issue/50058
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- https://vuln.go.dev/ID/GO-2022-0288.json
Credits
- murakmii
Feedback
See anything missing or incorrect?
Suggest an edit to this report.