85 matches found
EulerOS 2.0 SP11 : golang (EulerOS-SA-2025-1657)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
Security update for go1.23
This update for go1.23 fixes the following issues: go1.23.10 released 2025-06-05 includes security fixes to the /http and os packages, as well as bug fixes to the linker. bsc1229122 go1.23 release tracking CVE-2025-0913 CVE-2025-4673 CVE-2025-0913: os: inconsistent handling of OCREATE|OEXCL on Un...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
Fedora: Security Advisory (FEDORA-2025-82090f2bcc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-27077
Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service DDOS via a crafted HTTP package...
ROS-20250417-08
A vulnerability in the net/http package of the Go programming language is related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Fedora 41 : golang (2025-77ace1a41b)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-77ace1a41b advisory. Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. Full changelog. Tenable has extracted the...
Security Bulletin: IBM Concert Software is vulnerable to multiple issues
Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary...
BIT-GOLANG-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...
The vulnerability of the Go programming language’s net/http package, related to deficiencies in HTTP request processing, allows attackers to execute arbitrary code.
The vulnerability of the net/http package in the Go programming language is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
CVE-2025-22871
CVE-2025-22871 affects the Go net/http package and describes a vulnerability where a bare LF in chunked transfer encoding can be misinterpreted as part of a chunk-ext, enabling request smuggling when paired with a server/proxy that also accepts bare LFs in extensions. Connected documents confirm ...
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
GO-2025-3563 Request smuggling due to acceptance of invalid chunked data in net/http
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...