View all vulnerabilities

CVE-2022-41723

Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
Score Vector
Affected Versions
stdlib >= 1.20.0-0 < 1.20.1; golang.org/x/net < 0.7.0
Severity
Ecosystem
GO
Publish Date
February 16, 2023
Modified Date
May 20, 2024