Security Advisory

CVE-2022-41717

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-08 19:03:53

Last updated 2025-02-13 16:33:08

Assigner Go

State PUBLISHED

Description

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

← Browse all CVEs View on cve.org ↗