1. Home
  2. Packages
  3. golang
  4. golang.org/x/net
  5. http2

pkg:golang/golang.org/x/net/http2

Type golang
Namespace golang.org/x/net
Name http2

Known advisories, vulnerabilities and fixes for golang.org/x/net/http2 package.

Repository
https://pkg.go.dev/golang.org/x/net/http2
High 6
Medium 1
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 0.0.0-20211208012354-db4efeb81f4b, < 0.0.0-20211209124913-491a49abca63 CVE-2021-44716
go GO-2022-0288 Unbounded memory growth in net/http and golang.org/x/net/http2 high 2022-08-12T17:19:52
(2 years ago)
Fixed = 0.0.0-20211209124913-491a49abca63 CVE-2021-44716
go GO-2022-0288 Unbounded memory growth in net/http and golang.org/x/net/http2 high 2022-08-12T17:19:52
(2 years ago)
Affected >= 0.0.0-20190607181551-461777fb6f67, < 0.0.0-20190813141303-74dc4d7220e7 CVE-2019-9512
CVE-2019-9514
go GO-2022-0536 Reset flood in net/http and golang.org/x/net/http high 2022-08-12T17:19:52
(2 years ago)
Fixed = 0.0.0-20190813141303-74dc4d7220e7 CVE-2019-9512
CVE-2019-9514
go GO-2022-0536 Reset flood in net/http and golang.org/x/net/http high 2022-08-12T17:19:52
(2 years ago)
Affected >= 0.0.0-20220826154423-83b083e8dc8b, < 0.0.0-20220906165146-f3363e06e74c CVE-2022-27664
go GO-2022-0969 Denial of service in net/http and golang.org/x/net/http2 high 2022-09-12T18:23:01
(2 years ago)
Fixed = 0.0.0-20220906165146-f3363e06e74c CVE-2022-27664
go GO-2022-0969 Denial of service in net/http and golang.org/x/net/http2 high 2022-09-12T18:23:01
(2 years ago)
Affected >= 0.3.0, < 0.4.0 CVE-2022-41717
go GO-2022-1144 Excessive memory growth in net/http and golang.org/x/net/http2 medium 2022-12-08T17:16:22
(21 months ago)
Fixed = 0.4.0 CVE-2022-41717
go GO-2022-1144 Excessive memory growth in net/http and golang.org/x/net/http2 medium 2022-12-08T17:16:22
(21 months ago)
Affected >= 0.6.1-0.20230213185550-547e7edf3873, < 0.7.0 CVE-2022-41723
go GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net high 2023-02-16T21:43:34
(19 months ago)
Fixed = 0.7.0 CVE-2022-41723
go GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net high 2023-02-16T21:43:34
(19 months ago)
Affected >= 0.16.0, < 0.17.0 CVE-2023-39325
go GO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/http high 2023-10-10T19:15:38
(11 months ago)
Fixed = 0.17.0 CVE-2023-39325
go GO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/http high 2023-10-10T19:15:38
(11 months ago)
Affected >= 0.22.0, < 0.23.0 CVE-2023-45288
go GO-2024-2687 HTTP/2 CONTINUATION flood in net/http high 2024-04-03T17:40:45
(5 months ago)
Fixed = 0.23.0 CVE-2023-45288
go GO-2024-2687 HTTP/2 CONTINUATION flood in net/http high 2024-04-03T17:40:45
(5 months ago)