golang.org/x/net/http2 vulnerabilities

4 known vulnerabilities affecting golang.org/x/net/http2.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2023-45288 | MEDIUM | ≥ 0, < 0.23.0 | 2024-04-04
CVE-2023-45288 [MEDIUM] CWE-400 net/http, x/net/http2: close connections when receiving too many headers
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to s
ghsa, osv
CVE-2022-41717 | MEDIUM | ≥ 0, < 0.4.0 | 2022-12-08
CVE-2022-41717 [MEDIUM] CWE-770 golang.org/x/net/http2 vulnerable to possible excessive memory growth
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open
ghsa, osv
CVE-2022-27664 | HIGH | ≥ 0, < 0.0.0-20220906165146-f3363e06e74c | 2022-09-07
CVE-2022-27664 [HIGH] golang.org/x/net/http2 Denial of Service vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
ghsa, osv
CVE-2021-44716 | HIGH | ≥ 0, < 0.0.0-20211209124913-491a49abca63 | 2022-01-02
CVE-2021-44716 [HIGH] CWE-400 golang.org/x/net/http2 allows uncontrolled memory consumption
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
ghsa, osv