nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085) 17-02-2025

Preface: If artificial intelligence could create the world, do you know how its creation would differ from Genesis? Artificial intelligence focuses on efficiency, and everything needs to be fast.

But God is concerned with the balance of nature. Therefore, the development of everything is not rapid.

Background: HTTP/2 enables full request and response multiplexing. In practice, this means a connection made to a web server from your browser can be used to send multiple requests and receive multiple responses. This eliminates some of the time it takes to establish a new connection for each request.

The GOAWAY frame in HTTP/2 (type=0x7) is used to initiate the shutdown of a connection or to signal serious error conditions. When a server sends a GOAWAY frame, it tells the client to stop creating new streams on the connection. However, it allows the server to finish processing any streams that were already in progress. This mechanism is useful for administrative actions, such as server maintenance, as it allows for a graceful shutdown without abruptly terminating ongoing requests.

Vulnerability details: A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
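
For triage of a cleartext or decrypted capture, the following added example (not from the advisory or the Node.js project) parses the HTTP/2 frame layout and reports whether a peer's bytes ended with a GOAWAY or stopped without one. It assumes the buffer starts at a frame boundary, after the client connection preface, and the sample byte strings are constructed.

```javascript
// Added example: walk a decrypted HTTP/2 frame stream and report how it ended.
// Frame header (RFC 9113): 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id.
const GOAWAY = 0x7;
const ERROR_NAMES = ['NO_ERROR', 'PROTOCOL_ERROR', 'INTERNAL_ERROR', 'FLOW_CONTROL_ERROR',
  'SETTINGS_TIMEOUT', 'STREAM_CLOSED', 'FRAME_SIZE_ERROR', 'REFUSED_STREAM', 'CANCEL',
  'COMPRESSION_ERROR', 'CONNECT_ERROR', 'ENHANCE_YOUR_CALM', 'INADEQUATE_SECURITY', 'HTTP_1_1_REQUIRED'];
// Split a buffer into complete frames; leftover bytes mean the stream was cut mid-frame.
function parseFrames(buf) {
  const frames = [];
  let off = 0;
  while (off + 9 <= buf.length) {
    const length = buf.readUIntBE(off, 3);
    if (off + 9 + length > buf.length) break; // payload incomplete
    frames.push({
      type: buf.readUInt8(off + 3),
      streamId: buf.readUInt32BE(off + 5) & 0x7fffffff, // mask the reserved bit
      payload: buf.subarray(off + 9, off + 9 + length),
    });
    off += 9 + length;
  }
  return { frames, truncated: off !== buf.length };
}

// Decode a GOAWAY payload: last-stream-id (31 bits), error code (32 bits), optional debug data.
function parseGoaway(frame) {
  if (frame.streamId !== 0) throw new Error('GOAWAY must be sent on stream 0');
  if (frame.payload.length < 8) throw new Error('GOAWAY payload shorter than 8 bytes');
  const errorCode = frame.payload.readUInt32BE(4);
  return {
    lastStreamId: frame.payload.readUInt32BE(0) & 0x7fffffff,
    errorCode,
    errorName: ERROR_NAMES[errorCode] || 'UNKNOWN',
    debug: frame.payload.subarray(8).toString('utf8'),
  };
}

// Report the last GOAWAY seen (or null) and whether the bytes stopped mid-frame.
function summarizeShutdown(buf) {
  const { frames, truncated } = parseFrames(buf);
  const last = frames.filter((f) => f.type === GOAWAY).pop();
  return { frameCount: frames.length, truncated, goaway: last ? parseGoaway(last) : null };
}

// Constructed samples: SETTINGS then GOAWAY(last stream 5, NO_ERROR, "maintenance"),
// and SETTINGS followed by five bytes of a frame header that never completed.
const GRACEFUL = Buffer.from('000000040000000000' + '000013070000000000'
  + '0000000500000000' + '6d61696e74656e616e6365', 'hex');
const ABRUPT = Buffer.from('000000040000000000' + '0000080001', 'hex');
console.log(summarizeShutdown(GRACEFUL), summarizeShutdown(ABRUPT));
```

A result with `goaway: null`, especially together with `truncated: true`, marks a connection that ended the way the vulnerability description says triggers the leak.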

Official announcement: Please refer to the link for details – https://access.redhat.com/errata/RHSA-2025:1613
