http2 vulnerability

About this tag
The http2 vulnerability tag covers discussions about CVE-2023-39325, a denial-of-service flaw in Go's HTTP/2 implementation known as the "rapid reset" attack. The flaw allows rapid stream resets to overwhelm servers. Content under this tag focuses on the fix in upstream Go versions, Microsoft's attestation that Azure Linux includes the affected library, and the broader implications for Microsoft products. Users seeking information about HTTP/2 security issues, Go library vulnerabilities, and their impact on Azure Linux will find relevant discussions here.
  1. CVE-2023-39325: Go HTTP/2 Rapid Reset Fix and Azure Linux Attestation

    Go’s net/http HTTP/2 “rapid reset” weakness (CVE-2023-39325) is real, it was fixed upstream, and Microsoft’s short public mapping that “Azure Linux includes this open‑source library and is therefore potentially affected” is an authoritative product‑level attestation — but it is not a blanket...