Vulnerability Report: GO-2021-0172

standard library

CVE-2017-1000098
Affects: mime/multipart
Published: Feb 15, 2022
Modified: May 20, 2024

When parsing large multipart/form-data, an attacker can cause a HTTP server to open a large number of file descriptors. This may be used as a denial-of-service vector.

Affected Packages

Path

Go Versions

Symbols
mime/multipart

before go1.6.4, from go1.7.0-0 before go1.7.4
1 unexported affected symbols
- Reader.readForm

Aliases

CVE-2017-1000098

References

https://go.dev/cl/30410
https://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184
https://go.dev/issue/16296
https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ
https://vuln.go.dev/ID/GO-2021-0172.json

Credits

Simon Rawet

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL