Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-45290

Опубликовано: 05 мар. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

needs-triage

esm-infra/focal

DNE

esm-infra/xenial

needs-triage

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/jammy

needs-triage

esm-apps/xenial

needs-triage

esm-infra/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

mantic

DNE

noble

DNE

oracular

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

released

1.17.13-3ubuntu1.3
mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

released

1.18.1-1ubuntu1~18.04.4+esm1
esm-apps/xenial

released

1.18.1-1ubuntu1~16.04.6+esm1
esm-infra/focal

DNE

focal was released [1.18.1-1ubuntu1~20.04.3]
focal

released

1.18.1-1ubuntu1~20.04.3
jammy

released

1.18.1-1ubuntu1.2
mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal was needs-triage
focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

mantic

ignored

end of life, was needs-triage
noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/noble

not-affected

esm-infra/focal

DNE

focal was released [1.21.1-1~ubuntu20.04.3]
focal

released

1.21.1-1~ubuntu20.04.3
jammy

released

1.21.1-1~ubuntu22.04.3
mantic

ignored

end of life, was needed
noble

not-affected

1.21.9-1
oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal was not-affected [1.22.2-2~20.04]
focal

not-affected

1.22.2-2~20.04
jammy

not-affected

1.22.2-2~22.04
mantic

not-affected

1.22.2-2~23.10
noble

not-affected

1.22.2-2
oracular

not-affected

1.22.4-1
plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

esm-infra/xenial

needs-triage

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 55%
0.00326
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-45290

CVSS3: 6.5
nvd
больше 1 года назад

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

debian логотип

CVE-2023-45290

CVSS3: 6.5
debian
больше 1 года назад

When parsing a multipart form (either explicitly with Request.ParseMul ...

rocky логотип

RLSA-2024:3830

rocky
около 1 года назад

Moderate: gvisor-tap-vsock security and bug fix update

github логотип

GHSA-rr6r-cfgf-gc6h

CVSS3: 6.5
github
больше 1 года назад

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

oracle-oval логотип

ELSA-2024-3831

oracle-oval
около 1 года назад

ELSA-2024-3831: containernetworking-plugins security and bug fix update (MODERATE)

EPSS

Процентиль: 55%
0.00326
Низкий

6.5 Medium

CVSS3