Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| golang.org/x/net (Go) | 0 | 0.0.0-20190813141303-74dc4d7220e7 | N/A |
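
The queueing behaviour described above, with a cap on queued replies as one mitigation. This is an added sketch, not code from golang.org/x/net; the names `conn`, `handleFrames`, `pingFrame`, and `maxQueuedControl` and the cap value of 100 are assumptions, and the input frames are constructed.

```go
package main

import "fmt"

const (
	framePing        = 0x6 // HTTP/2 PING frame type
	flagAck          = 0x1 // ACK flag, set on PING replies
	maxQueuedControl = 100 // assumed cap for this sketch; tune per deployment
)

var errControlFlood = fmt.Errorf("too many queued control frames")

// conn models only the reply queue of a connection whose writer is stalled.
type conn struct{ queued [][]byte }

// pingFrame builds a constructed PING: 9-byte header, 8-byte payload ending in seq.
func pingFrame(seq byte) []byte {
	return []byte{0, 0, 8, framePing, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, seq}
}

// handleFrames queues one PING ACK per un-ACKed PING, refusing to grow past the cap.
func (c *conn) handleFrames(buf []byte) error {
	for len(buf) >= 9 {
		end := 9 + (int(buf[0])<<16 | int(buf[1])<<8 | int(buf[2]))
		if end > len(buf) {
			break // incomplete frame: wait for more bytes
		}
		typ, flags, payload := buf[3], buf[4], buf[9:end]
		buf = buf[end:]
		if typ != framePing || flags&flagAck != 0 || len(payload) != 8 {
			continue // no reply queued (a real server rejects a malformed PING)
		}
		if len(c.queued) >= maxQueuedControl {
			return errControlFlood // caller should close the connection
		}
		ack := append([]byte{0, 0, 8, framePing, flagAck, 0, 0, 0, 0}, payload...)
		c.queued = append(c.queued, ack)
	}
	return nil
}

func main() {
	c, in := &conn{}, []byte{}
	for i := 0; i < 150; i++ {
		in = append(in, pingFrame(byte(i))...)
	}
	fmt.Println(c.handleFrames(in), len(c.queued))
}
```

Without the cap check, `queued` grows by 17 bytes for every PING the peer sends while it refuses to read replies, which is the memory growth the description refers to.
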
CVSS Metrics