You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
http2 vulnerability
About this tag
The http2 vulnerability tag covers discussions about CVE-2023-39325, a denial-of-service flaw in Go's HTTP/2 implementation known as the "rapid reset" attack. This vulnerability allows rapid stream resets to overwhelm servers. Content on this tag focuses on the fix in Go upstream versions, Microsoft's attestation that Azure Linux includes the affected library, and the broader implications for Microsoft products. Users seeking information about HTTP/2 security issues, Go library vulnerabilities, and their impact on Azure Linux will find relevant discussions here.
Go’s net/http HTTP/2 “rapid reset” weakness (CVE-2023-39325) is real, it was fixed upstream, and Microsoft’s short public mapping that “Azure Linux includes this open‑source library and is therefore potentially affected” is an authoritative product‑level attestation — but it is not a blanket...