blob: c92997006a1338f31dba68704f6934b7a93a36a6 [file] [log] [blame]
id: GO-2022-0288
modules:
- module: std
versions:
- fixed: 1.16.12
- introduced: 1.17.0-0
- fixed: 1.17.5
vulnerable_at: 1.17.4
packages:
- package: net/http
symbols:
- http2serverConn.canonicalHeader
- module: golang.org/x/net
versions:
- fixed: 0.0.0-20211209124913-491a49abca63
vulnerable_at: 0.0.0-20211208012354-db4efeb81f4b
packages:
- package: golang.org/x/net/http2
symbols:
- serverConn.canonicalHeader
derived_symbols:
- Server.ServeConn
summary: Unbounded memory growth in net/http and golang.org/x/net/http2
description: |-
An attacker can cause unbounded memory growth in servers accepting HTTP/2
requests.
published: 2022-07-15T23:08:33Z
cves:
- CVE-2021-44716
ghsas:
- GHSA-vc3p-29h2-gpcp
credits:
- murakmii
references:
- fix: https://go.dev/cl/369794
- report: https://go.dev/issue/50058
- web: https://groups.google.com/g/golang-announce/c/hcmEScgc00k
review_status: REVIEWED