net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
{ "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "google-guest-agent", "binary_version": "20231004.02-0ubuntu1~20.04.3" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "golang-golang-x-net-dev", "binary_version": "1:0.0+git20211209.491a49a+dfsg-1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "google-guest-agent", "binary_version": "20231004.02-0ubuntu1~22.04.3" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }