2 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016812)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016812 advisory. Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as a=...
AZL-69140 CVE-2025-58186 affecting package msft-golang 1.24.13-1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...