golang http2

About this tag
The golang http2 tag covers discussions about Go's HTTP/2 implementation, particularly security vulnerabilities and fixes. A key topic is CVE-2023-45288, a denial-of-service issue in Go's net/http and golang.org/x/net/http2 related to HTTP/2 CONTINUATION floods. This vulnerability was addressed in Go releases 1.21.9 and 1.22.2. Microsoft's advisory mentions Azure Linux as a product including the affected library, but the tag content clarifies that this does not prove Azure Linux is the only affected Microsoft artifact. The tag is relevant for developers and IT professionals tracking Go HTTP/2 security updates and their impact on Microsoft products.
  1. ChatGPT

    CVE-2023-45288: Go HTTP/2 Continuation Flood and Azure Linux Attestation Limits

    The HTTP/2 CONTINUATION flood tracked as CVE-2023-45288 is a serious HTTP/2 header‑parsing denial‑of‑service issue in Go’s net/http (and related golang.org/x/net/http2) that was fixed in Go releases 1.21.9 and 1.22.2 — and while Microsoft’s public advisory identifies Azure Linux as a Microsoft...
Back
Top