Lucene search
+L

43 matches found

Cvelist
Cvelist
added 2025/04/08 8:4 p.m.57 views

CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

0.00778EPSS
Exploits0References4
CVE
CVE
added 2025/04/08 8:4 p.m.378 views

CVE-2025-22871

CVE-2025-22871 affects the Go net/http package and describes a vulnerability where a bare LF in chunked transfer encoding can be misinterpreted as part of a chunk-ext, enabling request smuggling when paired with a server/proxy that also accepts bare LFs in extensions. Connected documents confirm ...

9.1CVSS6.9AI score0.00778EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/04/08 8:4 p.m.16 views

CVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS6.6AI score0.00778EPSS
Exploits0
OSV
OSV
added 2025/04/08 7:46 p.m.21 views

GO-2025-3563 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS6.2AI score0.00778EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.19 views

PT-2025-14376

Name of the Vulnerable Software and Affected Versions Go versions 1.23 through 1.23.7 Go versions 1.24 through 1.24.1 Description The issue concerns a security fix for the net/http package. Recommendations For Go versions 1.23 through 1.23.7, update to version 1.23.8. For Go versions 1.24 through...

9.8CVSS7.4AI score0.00778EPSS
Exploits0References479
OSV
OSV
added 2024/11/07 10:8 a.m.14 views

SUSE-SU-2024:3938-1 Security update for go1.22-openssl

This update for go1.22-openssl fixes the following issues: This update ships go1.22-openssl 1.22.7.1 jscSLE-18320 - Update to version 1.22.7.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.7-1-openssl-fips. Update to Go 1.22.7 229 - go1.22.7 released 2024-09-05 includes...

9.8CVSS8.4AI score0.91969EPSS
Exploits2References31
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/21 3:3 p.m.29 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)

Summary Potential Golang Go Information disclosure vulnerabilitiy.CVE-2023-39326 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-39326 DESCRIPTION: Golang Go...

5.3CVSS5.9AI score0.01208EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/05 8:46 p.m.43 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go Vulnerability Details CVEID:CVE-2023-45285 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when using go get to fetch a module with the ".git" suffix...

9.8CVSS8.6AI score0.03796EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 5:26 a.m.49 views

Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).

Summary Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by a flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...

7.5CVSS6.9AI score0.02758EPSS
Exploits0Affected Software1
Redos
Redos
added 2024/04/02 12:0 a.m.38 views

ROS-20240402-17

A vulnerability in the net/http package of the Go programming language is related to information disclosure. vulnerability could allow a remote attacker to disclose protected information. A vulnerability in the cmd-go component of the Go programming language is related to public data transmission...

7.5CVSS7.1AI score0.02758EPSS
Exploits0
OSV
OSV
added 2024/03/06 10:56 a.m.26 views

BIT-GOLANG-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

7.5CVSS8.7AI score0.01479EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/03/05 6:17 p.m.5 views

golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...

5.3CVSS7.3AI score0.01208EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.12 views

Fedora 38 : golang (2023-ace2655259)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ace2655259 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...

5.6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/06/23 4:43 a.m.6 views

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

7.5CVSS6.7AI score0.01231EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2023/04/06 4:15 p.m.50 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

7.5CVSS6.7AI score0.01479EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2023/04/06 3:50 p.m.42 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

7.5CVSS6.5AI score0.01479EPSS
Exploits0
OSV
OSV
added 2023/04/06 3:50 p.m.25 views

CVE-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

7.5CVSS7AI score0.01479EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.20 views

PT-2022-4659

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.18.6 Go versions 1.19.x prior to 1.19.1 Description The issue is related to the net/http package in Go, where an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error, leading to a denial ...

10CVSS5.8AI score0.99999EPSS
Exploits91References456
Github Security Blog
Github Security Blog
added 2022/01/12 10:33 p.m.78 views

Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints

Impact The net/http Go package has a reported vulnerability tracked under CVE-2021-44716 which allows attacker controlled HTTP/2 requests to trigger unbounded memory usage in HTTP/2 endpoints. gRPC endpoints are not vulnerable as they rely on their own HTTP/2 implementation instead of the net/htt...

7.5CVSS0.1AI score0.03958EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2021/01/11 9:59 p.m.4 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02906EPSS
Exploits0References5
Rows per page
Query Builder