Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-58186

Опубликовано: 29 окт. 2025
Источник: debian
EPSS Низкий

Описание

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.25fixed1.25.2-1package
golang-1.24fixed1.24.8-1package
golang-1.24no-dsatrixiepackage
golang-1.23removedpackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ

  • https://github.com/golang/go/issues/75672

  • https://github.com/golang/go/commit/100c5a66802b5a895b1d0e5ed3b7918f899c4833 (go1.25.2)

  • https://github.com/golang/go/commit/c6b04dd33b0215f5deb83724661921842bf67607 (go1.24.8)

EPSS

Процентиль: 8%
0.0003
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-58186

CVSS3: 5.3
ubuntu
3 месяца назад

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

nvd логотип

CVE-2025-58186

CVSS3: 5.3
nvd
3 месяца назад

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

msrc логотип

CVE-2025-58186

msrc
около 1 месяца назад

Lack of limit when parsing cookies can cause memory exhaustion in net/http

github логотип

GHSA-rjcg-56ph-3qvg

CVSS3: 5.3
github
3 месяца назад

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

fstec логотип

BDU:2025-14529

CVSS3: 5.3
fstec
3 месяца назад

Уязвимость компонента net/http языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 8%
0.0003
Низкий