 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2023-45290 |
| Description: | When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-45290 https://go.dev/cl/569341 https://go.dev/cl/569341 https://go.dev/issue/65383 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://pkg.go.dev/vuln/GO-2024-2599 http://www.openwall.com/lists/oss-security/2024/03/08/4 |