Skip to content

/ go

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: verify HTTP2 implementation against recent CVEs #16825

Closed
jabley opened this issue Aug 21, 2016 · 2 comments
Closed

net/http: verify HTTP2 implementation against recent CVEs #16825

jabley opened this issue Aug 21, 2016 · 2 comments
Labels
FrozenDueToAge

Comments

@jabley
Copy link

@jabley jabley commented Aug 21, 2016

http://www.securityweek.com/high-profile-vulnerabilities-affect-http2-report discussed various issues reported at Black Hat USA 2016.

This is a placeholder to confirm that Go isn't vulnerable to:

  1. Slow Read (CVE-2016-1546)
  2. HPACK Bomb (CVE-2016-1544, CVE-2016-2525)
  3. Stream Reuse (CVE-2016-0150)
  4. Dependency Cycle Attack (CVE-2015-8659)
@bystones
Copy link

@bystones bystones commented Aug 21, 2016

This looks like a duplicate of #16630?
@josharian josharian changed the title Verify HTTP2 implementation against recent CVEs net/http: verify HTTP2 implementation against recent CVEs Aug 21, 2016
@jabley
Copy link
Author

@jabley jabley commented Aug 21, 2016

Yeah, sorry.
@jabley jabley closed this Aug 21, 2016
@golang golang locked and limited conversation to collaborators Aug 21, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@jabley @bystones @gopherbot
You can’t perform that action at this time.