2 matches found
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization
A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...
PT-2024-27455 · Unknown +5 · Gorilla/Schema +5
Name of the Vulnerable Software and Affected Versions: gorilla/schema versions prior to 1.4.1 Description: The issue concerns a memory exhaustion vulnerability in gorilla/schema. When schema.Decoder.Decode is run on a struct that has a field of type struct..., it opens up the possibility of...