Skip to content

net/http: verify HTTP2 implementation against recent CVEs #16825

@jabley

Description

@jabley

http://www.securityweek.com/high-profile-vulnerabilities-affect-http2-report discussed various issues reported at Black Hat USA 2016.

This is a placeholder to confirm that Go isn't vulnerable to:

  1. Slow Read (CVE-2016-1546)
  2. HPACK Bomb (CVE-2016-1544, CVE-2016-2525)
  3. Stream Reuse (CVE-2016-0150)
  4. Dependency Cycle Attack (CVE-2015-8659)

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions