{ "id": "GO-2023-1571", "published": "0001-01-01T00:00:00Z", "modified": "0001-01-01T00:00:00Z", "aliases": [ "CVE-2022-41723", "GHSA-vvpx-j8f3-3w6h" ], "details": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "affected": [ { "package": { "name": "stdlib", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "1.19.6" }, { "introduced": "1.20.0" }, { "fixed": "1.20.1" } ] } ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2023-1571" }, "ecosystem_specific": { "imports": [ { "path": "net/http" } ] } }, { "package": { "name": "golang.org/x/net", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "0.7.0" } ] } ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2023-1571" }, "ecosystem_specific": { "imports": [ { "path": "golang.org/x/net/http2" }, { "path": "golang.org/x/net/http2/hpack", "symbols": [ "Decoder.DecodeFull", "Decoder.Write", "Decoder.parseFieldLiteral", "Decoder.readString" ] } ] } } ], "references": [ { "type": "REPORT", "url": "https://go.dev/issue/57855" }, { "type": "FIX", "url": "https://go.dev/cl/468135" }, { "type": "FIX", "url": "https://go.dev/cl/468295" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" } ], "credits": [ { "name": "Philippe Antoine (Catena cyber)" } ], "schema_version": "1.3.1" }