Lucene search
+L

10 matches found

OSV
OSV
added 2025/12/12 12:20 p.m.7 views

OESA-2025-2828 golang security update

. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...

7.5CVSS6.9AI score0.00626EPSS
Exploits0References5
OSV
OSV
added 2025/12/12 12:20 p.m.4 views

OESA-2025-2826 golang security update

. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...

5.3CVSS6.8AI score0.00534EPSS
Exploits0References3
Amazon
Amazon
added 2025/11/10 12:0 a.m.8 views

Important: docker

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.13 views

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.8 views

Important: golist

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.8 views

Important: golist

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
OSV
OSV
added 2025/11/06 12:58 p.m.1 views

BIT-GOLANG-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

5.3CVSS6.6AI score0.00534EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2025/10/31 1:6 a.m.3 views

Lack of limit when parsing cookies can cause memory exhaustion in net/http

...

5.3CVSS7AI score0.00534EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/10/29 10:10 p.m.3 views

CVE-2025-58186

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

5.3CVSS7.8AI score0.00534EPSS
Exploits0
OSV
OSV
added 2025/10/29 9:50 p.m.6 views

GO-2025-4012 Lack of limit when parsing cookies can cause memory exhaustion in net/http

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

5.3CVSS7AI score0.00534EPSS
Exploits0References3
Rows per page
Query Builder