Published: 05/10/2017 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an malicious user to generate a multipart request crafted such that the server ran out of file descriptors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
golang go

The net/http package's RequestParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors ...

CWE-769 https://golang.org/issue/17965 https://golang.org/cl/30410 https://groups.google.com/forum/#%21msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-1000098

CVE-2017-1000098

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect