a36286cf89
This addresses the same CVE as is patched in go1.19.6. From that announcement: > net/http: avoid quadratic complexity in HPACK decoding > > A maliciously crafted HTTP/2 stream could cause excessive CPU consumption > in the HPACK decoder, sufficient to cause a denial of service from a small > number of small requests. > > This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually > configuring HTTP/2. > > This is CVE-2022-41723 and Go issue https://go.dev/issue/57855. full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
|---|---|---|
| .. | ||
| encode.go | ||
| hpack.go | ||
| huffman.go | ||
| static_table.go | ||
| tables.go | ||