Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-61726

Опубликовано: 28 янв. 2026
Источник: debian
EPSS Низкий

Описание

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.25fixed1.25.6-1package
golang-1.24fixed1.24.12-1package
golang-1.24no-dsatrixiepackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

  • https://github.com/golang/go/issues/77101

  • Fixed by: https://github.com/golang/go/commit/afa9b66ac081d3b239d8c1a226b5e884c8435185 (go1.25.6)

  • Fixed by: https://github.com/golang/go/commit/85c794ddce26a092b0ea68d0fca79028b5069d5a (go1.24.12)

EPSS

Процентиль: 5%
0.00023
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-61726

CVSS3: 7.5
ubuntu
10 дней назад

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

nvd логотип

CVE-2025-61726

CVSS3: 7.5
nvd
10 дней назад

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

github логотип

GHSA-gm9r-q53w-2gh4

CVSS3: 7.5
github
10 дней назад

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

suse-cvrf логотип

openSUSE-SU-2026:20085-1

suse-cvrf
16 дней назад

Security update for go1.25

suse-cvrf логотип

openSUSE-SU-2026:20077-1

suse-cvrf
16 дней назад

Security update for go1.24

EPSS

Процентиль: 5%
0.00023
Низкий