You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
http2 dos
About this tag
The http2 dos tag covers denial-of-service attacks that exploit HTTP/2 protocol features. Recent discussions include the HTTP/2 Bomb attack, which causes memory exhaustion via HPACK and flow control mechanisms on servers like nginx, Apache, and Microsoft IIS. Another topic is CVE-2023-45288, a Go HTTP/2 CONTINUATION flood affecting Azure Linux and other systems. These threads highlight how HTTP/2's performance optimizations can be weaponized for low-bandwidth, high-impact DoS attacks. The tag is relevant for IT professionals, server administrators, and security researchers dealing with HTTP/2 vulnerabilities and mitigations.
HTTP/2 Bomb is a newly disclosed remote denial-of-service attack, published in early June 2026 by Calif researchers, that can exhaust memory on default HTTP/2 deployments of nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare’s Pingora. The uncomfortable part is not that HTTP/2 has...
The HTTP/2 CONTINUATION flood tracked as CVE-2023-45288 is a serious HTTP/2 header‑parsing denial‑of‑service issue in Go’s net/http (and related golang.org/x/net/http2) that was fixed in Go releases 1.21.9 and 1.22.2 — and while Microsoft’s public advisory identifies Azure Linux as a Microsoft...