Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-45290

Опубликовано: 05 мар. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

needs-triage

esm-infra/focal

DNE

esm-infra/xenial

needs-triage

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/jammy

needs-triage

esm-apps/xenial

needs-triage

esm-infra/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

mantic

DNE

noble

DNE

oracular

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

released

1.17.13-3ubuntu1.3
mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

released

1.18.1-1ubuntu1~18.04.4+esm1
esm-apps/focal

released

1.18.1-1ubuntu1~20.04.3
esm-apps/xenial

released

1.18.1-1ubuntu1~16.04.6+esm1
focal

released

1.18.1-1ubuntu1~20.04.3
jammy

released

1.18.1-1ubuntu1.2
mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

mantic

ignored

end of life, was needs-triage
noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/focal

released

1.21.1-1~ubuntu20.04.3
esm-apps/jammy

released

1.21.1-1~ubuntu22.04.3
esm-apps/noble

not-affected

focal

released

1.21.1-1~ubuntu20.04.3
jammy

released

1.21.1-1~ubuntu22.04.3
mantic

ignored

end of life, was needed
noble

not-affected

1.21.9-1
oracular

DNE

plucky

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/focal

not-affected

1.22.2-2~20.04
esm-apps/jammy

not-affected

1.22.2-2~22.04
focal

not-affected

1.22.2-2~20.04
jammy

not-affected

1.22.2-2~22.04
mantic

not-affected

1.22.2-2~23.10
noble

not-affected

1.22.2-2
oracular

not-affected

1.22.4-1
plucky

DNE

questing

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

esm-infra/xenial

needs-triage

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

questing

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 55%
0.00327
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-45290

CVSS3: 5.3
redhat
больше 1 года назад

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

nvd логотип

CVE-2023-45290

CVSS3: 6.5
nvd
больше 1 года назад

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

msrc логотип

CVE-2023-45290

CVSS3: 6.5
msrc
около 2 месяцев назад

Memory exhaustion in multipart form parsing in net/textproto and net/http

debian логотип

CVE-2023-45290

CVSS3: 6.5
debian
больше 1 года назад

When parsing a multipart form (either explicitly with Request.ParseMul ...

rocky логотип

RLSA-2024:3830

rocky
больше 1 года назад

Moderate: gvisor-tap-vsock security and bug fix update

EPSS

Процентиль: 55%
0.00327
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2023-45290