Ddos Golang

[Violette Ransone]

IfHTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-service (DDoS) attack in inspected traffic will contribute towards the session capacity limit of the firewall. This can result in the intermittent availability of new firewall sessions and is consistent in impact with other volumetric DDoS attacks. Availability of new firewall sessions will recover naturally once the DDoS attack stops. Customers who have enabled Threat prevention ID 40152 (Applications and Threats content update 8765) blocks this attack from happening in inspected HTTP/2 traffic.

While Prisma Cloud Compute includes vulnerable versions of nghttp2 and golang packages, Prisma Cloud Compute software does not have any HTTP/2 web server endpoints and is not impacted by these vulnerabilities.

Third party dependencies nghttp2 and golang packages in Prisma Cloud Compute SaaS are upgraded out of abundance of caution in v31.02.137. No updates to Compute console or the deployed Defenders are required.

3a8082e126