A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Affected Packages

Go golang.org/x/net

Affected versions: 0 (fixed in 0.7.0)

Related CVEs

CVE-2022-41723

Key Information

GHSA ID

GHSA-vvpx-j8f3-3w6h

Published

February 17, 2023 2:00 PM

Last Modified

May 20, 2024 9:46 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

golang.org/x/net

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 18, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.