GMS-2023-418: Uncontrolled Resource Consumption

February 17, 2023

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

References

github.com/advisories/GHSA-vvpx-j8f3-3w6h
go.dev/cl/468135
go.dev/issue/57855
groups.google.com/g/golang-announce/c/V0aBFqaFs_E
nvd.nist.gov/vuln/detail/CVE-2022-41723
vuln.go.dev/ID/GO-2023-1571.json

Code Behaviors & Features

Detect and mitigate GMS-2023-418 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →