Mitigate HTTP/2 Continuation Floods

Question

Mitigate HTTP/2 Continuation Floods

emersonian opened this issue 10 months ago · 1 comments

Lightwalletd instances are likely vulnerable to HTTP/2 continuation floods. Golang released a security update. Triggering a CI build using the latest Go version should fix this for us.

References:

https://nowotarski.info/http2-continuation-flood/

https://nowotarski.info/http2-continuation-flood-technical-details/

https://pkg.go.dev/vuln/GO-2024-2687

https://www.cve.org/CVERecord?id=CVE-2023-45288

Answer 1 · 2024-04-22T16:42:24.000Z

Closed by #479.