Lucene search

1115 matches found

Snyk
added 2025/04/08 7:46 p.m. | 1 view

HTTP Request Smuggling

Overview: std/net/http/internal is a Go standard library package. Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This c...

CVSS 9.3 | AI score 6.9 | EPSS 0.00682
Exploits: 0 | References: 3

OSV
added 2025/04/08 7:46 p.m. | 16 views

GO-2025-3563 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

CVSS 9.1 | AI score 6.2 | EPSS 0.00682
Exploits: 0 | References: 3

Redos
added 2025/04/03 12:0 a.m. | 9 views

ROS-20250403-13

Vulnerability of net/http, x/net/proxy and x/net/http/httpproxy packages of Go programming language is related to incorrect mapping of hosts to proxy server templates. Exploitation of the vulnerability could allow an intruder to affect confidentiality and availability of protected information...

CVSS 4.4 | AI score 6.9 | EPSS 0.0035
Exploits: 2

SUSE CVE
added 2025/04/02 8:56 a.m. | 2 views

SUSE CVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

CVSS 6.5 | AI score 7 | EPSS 0.00682
Exploits: 0 | References: 29

Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-24791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an Expect: 100-continue header with a non-informational 200 or higher...

CVSS 7.5 | AI score 7.2 | EPSS 0.01414
Exploits: 0 | References: 4

OSV
added 2025/02/28 3:34 p.m. | 1 view

OESA-2025-1221 golang security update

Security Fixes: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more...

CVSS 7.5 | AI score 7.1 | EPSS 0.01888
Exploits: 0 | References: 6

IBM Security Bulletins
added 2025/02/04 7:33 p.m. | 18 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2023-45288).

Summary: Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of availability of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-45288. DESCRIPTION: An attacker may cause an HTTP/2...

CVSS 7.5 | AI score 8.1 | EPSS 0.91969
Exploits: 1 | Affected Software: 1

OpenVAS
added 2025/01/29 12:0 a.m. | 5 views

Fedora: Security Advisory (FEDORA-2025-e8b9a6b564)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2

Mageia
added 2025/01/23 5:38 p.m. | 17 views

Updated golang packages fix security vulnerabilities

net/http: sensitive headers incorrectly sent after cross-domain redirect, CVE-2024-45336. crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, CVE-2024-45341...

CVSS 6.1 | AI score 7.3 | EPSS 0.0062
Exploits: 0 | References: 2

FreeBSD
added 2025/01/07 12:0 a.m. | 5 views

go -- multiple vulnerabilities

The Go project reports: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints. A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. net/http: sensitive headers incorrectly sent after...

AI score 7.2
Exploits: 0 | References: 2

Positive Technologies
added 2025/01/01 12:0 a.m. | 10 views

PT-2025-14376

Name of the Vulnerable Software and Affected Versions: Go versions 1.23 through 1.23.7; Go versions 1.24 through 1.24.1. Description: The issue concerns a security fix for the net/http package. Recommendations: For Go versions 1.23 through 1.23.7, update to version 1.23.8. For Go versions 1.24 through...

CVSS 9.8 | AI score 7.4 | EPSS 0.00682
Exploits: 0 | References: 398

Positive Technologies
added 2025/01/01 12:0 a.m. | 3 views

PT-2025-9733

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.1 and 1.23.7. Description: A security issue was found in the net/http component. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was...

CVSS 4.4 | AI score 7.9 | EPSS 0.0035
Exploits: 2 | References: 371

RedHat Linux
added 2024/12/05 12:33 a.m. | 59 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7 | EPSS 0.99999
Exploits: 19 | References: 14

RedHat Linux
added 2024/12/03 3:4 p.m. | 13 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.12.15 Images

Red Hat OpenShift Virtualization release 4.12.15 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 7.5 | AI score 6.8 | EPSS 0.01414
Exploits: 0 | References: 2

RedHat Linux
added 2024/11/26 4:4 p.m. | 18 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.13.11 Images

Red Hat OpenShift Virtualization release 4.13.11 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 7.5 | AI score 6.8 | EPSS 0.01414
Exploits: 0 | References: 4

OpenVAS
added 2024/11/26 12:0 a.m. | 8 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-2921)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.9 | EPSS 0.01414
Exploits: 0 | References: 2

RedHat Linux
added 2024/11/21 1:11 a.m. | 11 views

Moderate: Red Hat Security Advisory: rhc-worker-script security update

An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 7 | EPSS 0.01414
Exploits: 0 | References: 3

OpenVAS
added 2024/11/15 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-7111-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 10 | EPSS 0.91969
Exploits: 1 | References: 2

RedHat Linux
added 2024/11/12 9:38 a.m. | 2 views

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.01414
Exploits: 0 | References: 7

RedHat Linux
added 2024/11/12 9:10 a.m. | 3 views

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.01414
Exploits: 0 | References: 7