Описание
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
EPSS
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
[net/http: lack of limit when parsing cookies can cause memory exhaustion]
Lack of limit when parsing cookies can cause memory exhaustion in net/http
Despite HTTP headers having a default limit of 1MB, the number of cook ...
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
EPSS
5.3 Medium
CVSS3