Denial of service when parsing large forms in mime/multipart

2022-02-1523:56:14

Google

osv.dev

0.001 Low

EPSS

Percentile

48.7%

JSON

When parsing large multipart/form-data, an attacker can cause a HTTP server to open a large number of file descriptors. This may be used as a denial-of-service vector.

CPENameOperatorVersion
stdliblt1.6.4
stdlibge1.7.0-0
stdliblt1.7.4

Name	Operator	Version
stdlib	lt	1.6.4
stdlib	ge	1.7.0-0
stdlib	lt	1.7.4

References

go.dev/cl/30410

go.dev/issue/16296

go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184

groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ

0.001 Low

EPSS

Percentile

48.7%

JSON

Related for OSV:GO-2021-0172