net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

References

github.com/golang/go/issues/45710

groups.google.com/g/golang-announce/c/cu9SP4eSXMc

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/

security.gentoo.org/glsa/202208-02

altlinux 2

openvas 10

nessus 26

cbl_mariner 1

amazon 2

gitlab 2

prion 2

osv 5

ibm 27

alpinelinux 1

nvd 2

cgr 1

fedora 2

veracode 1

f5 1

freebsd 1

debiancve 1

suse 1

cve 2

ubuntucve 1

github 1

wolfi 1

redhatcve 3

photon 5

redhat 20

rocky 1

cvelist 1

oraclelinux 1

almalinux 1

mageia 1

gentoo 1

altlinux

Security fix for the ALT Linux 9 package golang version 1.15.12-alt1

2021-05-11 00:00:00

Security fix for the ALT Linux 10 package golang version 1.16.4-alt1

2021-05-06 00:00:00

openvas

Fedora: Security Advisory for golang (FEDORA-2021-ee3c072cd0)

2021-06-24 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-2551)

2021-09-28 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:2085-1)

2021-06-20 00:00:00

nessus

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2527)

2021-09-27 00:00:00

EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2497)

2021-09-27 00:00:00

Photon OS 4.0: Go PHSA-2021-4.0-0046

2021-06-21 00:00:00

cbl_mariner

CVE-2021-31525 affecting package golang 1.15.11-1

2021-07-08 21:56:48

amazon

Medium: golang

2021-06-16 20:37:00

Medium: golang

2021-07-08 18:38:00

gitlab

Uncontrolled Recursion

2022-05-24 00:00:00

Uncontrolled Recursion

2022-05-24 00:00:00

prion

Code injection

2021-05-27 13:15:00

Design/Logic Flaw

2022-08-26 16:15:00

osv

CVE-2021-31525

2021-05-27 13:15:08

golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion

2022-05-24 19:03:29

BIT-golang-2021-31525

2024-03-06 11:05:35

ibm

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525

2021-10-08 15:27:53

Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed services

2021-07-26 16:55:31

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-31525)

2022-04-22 13:59:38

alpinelinux

CVE-2021-31525

2021-05-27 13:15:08

nvd

CVE-2021-31525

2021-05-27 13:15:08

CVE-2021-3703

2022-08-26 16:15:09

cgr

CVE-2021-31525 vulnerabilities

2024-05-19 03:07:16

fedora

[SECURITY] Fedora 33 Update: golang-1.15.12-1.fc33

2021-05-19 01:31:16

[SECURITY] Fedora 34 Update: golang-1.16.4-1.fc34

2021-06-22 01:01:50

veracode

Stack Overflow

2021-05-09 02:20:52

K55518036 : GO vulnerability CVE-2021-31525

2021-11-03 00:00:00

freebsd

go -- net/http: ReadRequest can stack overflow due to recursion with very large headers

2021-04-22 00:00:00

debiancve

CVE-2021-31525

2021-05-27 13:15:08

suse

Security update for go1.15 (moderate)

2021-06-24 00:00:00

cve

CVE-2021-31525

2021-05-27 13:15:08

CVE-2021-3703

2022-08-26 16:15:09

ubuntucve

CVE-2021-31525

2021-05-27 00:00:00

github

golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion

2022-05-24 19:03:29

wolfi

CVE-2021-31525 vulnerabilities

2024-06-09 15:34:28

redhatcve

CVE-2021-31525

2021-05-11 20:55:42

CVE-2021-23161

2021-08-19 07:33:56

CVE-2021-3703

2021-09-13 23:23:31

photon

Moderate Photon OS Security Update - PHSA-2021-0276

2021-07-29 00:00:00

Moderate Photon OS Security Update - PHSA-2021-3.0-0276

2021-07-29 00:00:00

Important Photon OS Security Update - PHSA-2021-0046

2021-06-15 00:00:00

redhat

(RHSA-2022:0308) Moderate: OpenShift Container Storage 3.11.z security and bug fix update

2022-01-27 13:03:28

(RHSA-2021:2704) Moderate: Release of OpenShift Serverless Client kn 1.16.0

2021-07-13 16:30:23

(RHSA-2021:4103) Moderate: OpenShift Virtualization 4.9.0 RPMs security and bug fix update

2021-11-02 13:25:34

rocky

go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

cvelist

CVE-2021-3703

2022-08-26 15:25:40

oraclelinux

go-toolset:ol8 security, bug fix, and enhancement update

2021-08-12 00:00:00

almalinux

Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

mageia

Updated golang packages fix security vulnerabilities

2021-07-25 11:34:17

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.1 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.2%

JSON

Related for CVELIST:CVE-2021-31525