发布时间: 2023年2月10日
修改时间: 2024年10月31日
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 5.3 | 5.3 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | None | None |
| Availability | Low | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1141 | golang security update | 2023年2月17日 |
| KylinSec-SA-2023-1144 | golang security update | 2023年2月10日 |
| KylinSec-SA-2023-1147 | golang security update | 2023年2月10日 |
| KylinSec-SA-2023-2084 | golang security update | 2023年2月10日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | golang | Fixed |
| KY3.4-5A | golang | Fixed |
| KY3.5.1 | golang | Fixed |
| KY3.5.2 | golang | Fixed |
