Описание
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.20 | fixed | 1.20.1-1 | package | |
| golang-1.19 | fixed | 1.19.6-1 | experimental | package |
| golang-1.19 | fixed | 1.19.6-2 | package | |
| golang-1.15 | removed | package | ||
| golang-1.15 | no-dsa | bullseye | package | |
| golang-1.11 | removed | package | ||
| golang-1.11 | postponed | buster | package | |
| golang-golang-x-net | fixed | 1:0.7.0+dfsg-1 | package | |
| golang-golang-x-net | no-dsa | bullseye | package |
Примечания
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
https://go.dev/issue/57855
EPSS
Связанные уязвимости
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
EPSS