An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0288" }
{ "imports": [ { "path": "net/http", "symbols": [ "http2serverConn.canonicalHeader" ] } ] }
{ "imports": [ { "path": "golang.org/x/net/http2", "symbols": [ "Server.ServeConn", "serverConn.canonicalHeader" ] } ] }