x/vulndb: potential Go vuln in golang.org/x/net/http2: GHSA-xrjj-mj9h-534m

[GoVulnBot]

In GitHub Security Advisory GHSA-xrjj-mj9h-534m, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
golang.org/x/net/http2	0.4.0	< 0.4.0

Cross references:

• CVE-2022-41717 appears in issue x/vulndb: potential Go vuln in std: CVE-2022-41717 #1144

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: golang.org/x/net/http2
    versions:
      - fixed: 0.4.0
    packages:
      - package: golang.org/x/net/http2
description: An attacker can cause excessive memory growth in a Go server accepting
    HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys
    sent by the client. While the total number of entries in this cache is capped,
    an attacker sending very large keys can cause the server to allocate approximately
    64 MiB per open connection.
cves:
  - CVE-2022-41717
ghsas:
  - GHSA-xrjj-mj9h-534m

[tatianab]

Duplicate of #1144

[gopherbot]

Change https://go.dev/cl/464317 mentions this issue: data/reports: add missing alias to GO-2022-1144.yaml