CVE-2022-41723

CVSS v3.1 7.5 (High)

EPSS 3.04 % (91^th)

Affected Products 3

Advisories 66

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Weaknesses

CWE-NVD-Other

Related CVEs

CVE-2024-4436

CVE Status: PUBLISHED
CNA: Go Project
Published Date: 2023-02-28 18:15:09
(18 months ago)
Updated Date: 2023-11-25 11:15:10
(9 months ago)

Affected Products

Golang

Go
Hpack
Http2

Configuration #1

	CPE23	Up To
Golang Go prior 1.19.6 version	cpe:2.3:a:golang:go	< 1.19.6
Golang Go 1.20.0	cpe:2.3:a:golang:go:1.20.0:-
Golang Hpack for Go prior 0.7.0 version	cpe:2.3:a:golang:hpack::::::go	< 0.7.0
Golang Http2 for Go prior 0.7.0 version	cpe:2.3:a:golang:http2::::::go	< 0.7.0