Lucene search

go -- net/http: ReadRequest can stack overflow due to recursion with very large headers

🗓️ 22 Apr 2021 00:00:00Reported by FreeBSDType

http.ReadRequest stack overflow vulnerability with large header

Reporter	Title	Published	Views	Family All 148
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525	8 Oct 202115:27	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed services	26 Jul 202116:55	–	ibm
IBM Security Bulletins	Security Bulletin: Golang Go Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-31525)	2 Sep 202118:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-31525)	24 Aug 202121:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container Operator may be vulnerable to DoS caused by a flaw in Golang module net/http (CVE-2021-31525)	14 Jul 202122:56	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Golang GO affects IBM Cloud Automation Manager	16 Sep 202117:57	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-31525)	22 Apr 202213:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to denial of service due to Golang net package (CVE-2021-27918, CVE-2021-44716, CVE-2021-31525)	8 Aug 202217:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Netezza as a Service is vulnerable to denial of service due to Golang net package (CVE-2021-33194, CVE-2021-44716, CVE-2021-31525)	28 Jun 202211:57	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System	6 May 202219:21	–	ibm

Source	Link
github	www.github.com/golang/go/issues/45710

OS	OS Version	Architecture	Package	Package Version	Filename
FreeBSD	any	noarch	go	1.16.4,1	UNKNOWN

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Apr 2021 00:00Current

3Low risk

Vulners AI Score3

CVSS22.6

CVSS35.9

EPSS0.00579