CVE-2021-44716: Uncontrolled Resource Consumption
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
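A check for the affected range stated above, as an added example that is not part of the advisory or the Go project's own code: it classifies a Go toolchain version string (the form returned by `runtime.Version()`) against the fixed releases 1.16.12 and 1.17.5. The names `Affected` and `fixedPatch` are assumptions made for this example, and strings that are not plain release versions are reported as undetermined rather than guessed.

```go
package main

import (
	"fmt"
	"regexp"
	"runtime"
	"strconv"
)

// fixedPatch maps a 1.x release line to the first patch release that
// contains the fix, as stated in the advisory (1.16.12 and 1.17.5).
var fixedPatch = map[int]int{16: 12, 17: 5}

// goVersionRE matches release strings such as "go1.17.4", "go1.16" or "go1.17rc1".
var goVersionRE = regexp.MustCompile(`^go1\.(\d+)(?:\.(\d+))?((?:rc|beta)\d+)?$`)

// Affected reports whether a Go version string falls in the advisory's range.
// ok is false when the string is not a plain release version (for example a
// "devel" build or a vendor-suffixed build), which needs manual review.
func Affected(version string) (affected, ok bool) {
	m := goVersionRE.FindStringSubmatch(version)
	if m == nil {
		return false, false
	}
	minor, err := strconv.Atoi(m[1])
	if err != nil {
		return false, false
	}
	patch := 0
	if m[2] != "" {
		if patch, err = strconv.Atoi(m[2]); err != nil {
			return false, false
		}
	}
	switch {
	case minor < 16:
		return true, true // "before 1.16.12" covers every older release line
	case minor > 17:
		return false, true // outside the range the advisory states
	case m[3] != "":
		return true, true // rc/beta of 1.16 or 1.17 precedes the fixed patch
	}
	return patch < fixedPatch[minor], true
}

func main() {
	v := runtime.Version()
	affected, ok := Affected(v)
	fmt.Printf("%s affected=%v determined=%v\n", v, affected, ok)
}
```

The result describes the toolchain that built the binary running the check, so run it in the same build environment that produces the deployed services.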
References
- github.com/advisories/GHSA-vc3p-29h2-gpcp
- go.dev/cl/369794
- go.dev/issue/50058
- groups.google.com/g/golang-announce/c/hcmEScgc00k
- lists.debian.org/debian-lts-announce/2022/01/msg00016.html
- lists.debian.org/debian-lts-announce/2022/01/msg00017.html
- nvd.nist.gov/vuln/detail/CVE-2021-44716
- pkg.go.dev/vuln/GO-2022-0288
- security.gentoo.org/glsa/202208-02
- security.netapp.com/advisory/ntap-20220121-0002/