CVE-2022-41723

Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

Description

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

Publish Date

February 16, 2023

Modified Date

May 20, 2024

Score Vector

Affected Versions