CVE-2023-45288MEDIUM≥ 0, < 1.21.9·≥ 1.22.0-0, < 1.22.22024-04-04
CVE-2023-45288 [MEDIUM] CWE-400 net/http, x/net/http2: close connections when receiving too many headers
net/http, x/net/http2: close connections when receiving too many headers
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to s
ghsaosv