A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Go | Golang | * | 1.19.6 (excluding) |
Go | Golang | 1.20.0 (including) | 1.20.0 (including) |
Hpack | Golang | * | 0.7.0 (excluding) |
Http2 | Golang | * | 0.7.0 (excluding) |