x/vulndb: potential Go vuln in golang.org/x/net/http: GHSA-hgr8-6h9x-f7q9 #1540

GoVulnBot · 2023-02-08T01:01:16Z

In GitHub Security Advisory GHSA-hgr8-6h9x-f7q9, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
golang.org/x/net/http	0.0.0-20190813141303-74dc4d7220e7	< 0.0.0-20190813141303-74dc4d7220e7

Cross references:

CVE-2019-9512 appears in issue x/vulndb: potential Go vuln in std: CVE-2019-9512, CVE-2019-9514 #536

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: golang.org/x/net/http
    versions:
      - fixed: 0.0.0-20190813141303-74dc4d7220e7
    packages:
      - package: golang.org/x/net/http
description: Some HTTP/2 implementations are vulnerable to ping floods, potentially
    leading to a denial of service. The attacker sends continual pings to an HTTP/2
    peer, causing the peer to build an internal queue of responses. Depending on how
    efficiently this data is queued, this can consume excess CPU, memory, or both.
cves:
  - CVE-2019-9512
ghsas:
  - GHSA-hgr8-6h9x-f7q9

The text was updated successfully, but these errors were encountered:

tatianab · 2023-02-08T18:11:54Z

Duplicate of #536

tatianab added the duplicate label Feb 8, 2023

tatianab marked this as a duplicate of #536 Feb 8, 2023

tatianab closed this as completed Feb 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in golang.org/x/net/http: GHSA-hgr8-6h9x-f7q9 #1540

x/vulndb: potential Go vuln in golang.org/x/net/http: GHSA-hgr8-6h9x-f7q9 #1540

GoVulnBot commented Feb 8, 2023

tatianab commented Feb 8, 2023

Uh oh!

x/vulndb: potential Go vuln in golang.org/x/net/http: GHSA-hgr8-6h9x-f7q9 #1540

x/vulndb: potential Go vuln in golang.org/x/net/http: GHSA-hgr8-6h9x-f7q9 #1540

Comments

GoVulnBot commented Feb 8, 2023

tatianab commented Feb 8, 2023

Uh oh!