denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc
Discription

An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit, `grpc.MaxConcurrentStreams`. This results in a denial of service due to resource consumption.Read More

Back to Main

Subscribe for the latest news: