Описание
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | golang | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) Operational Tools | golang | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) Operational Tools | golang | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | golang | Will not fix | ||
| Red Hat Enterprise Linux 7 | golang | Fixed | RHSA-2017:1859 | 01.08.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.
The net/http package's Request.ParseMultipartForm method starts writin ...
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2