h2

cargo

An HTTP/2 client and server

Audits

PE Patrick Elsen 2026-05-28

h2@0.4.14

h2 0.4.14 implements HTTP/2 (RFC 9113) as an async client and server library. One unsafe block with a documented and sound invariant. Active mitigations for HPACK bomb, CONTINUATION flooding, and Rapid Reset (CVE-2023-44487) are present by default. Flow-control arithmetic uses checked operations. No findings.

concurrency-documentedconcurrency-safehas-binarieshas-build-exechas-fuzz-testshas-install-exechas-integration-testshas-property-testshas-unit-testsimpl-algorithmimpl-concurrencyimpl-cryptoimpl-datastructureimpl-interpreterimpl-jitimpl-parserimpl-protocolis-benignparser-impl-safeparser-impl-testedprotocol-impl-safeprotocol-impl-testedunsafe-documentedunsafe-minimalunsafe-safeuses-concurrencyuses-cryptouses-environmentuses-execuses-filesystemuses-interpreteruses-jituses-networkuses-unsafe