Количество 8
Количество 8
CVE-2025-58186
[net/http: lack of limit when parsing cookies can cause memory exhaustion]
CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
CVE-2025-58186
Lack of limit when parsing cookies can cause memory exhaustion in net/http
CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cook ...
GHSA-rjcg-56ph-3qvg
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
SUSE-SU-2025:3682-1
Security update for go1.24
SUSE-SU-2025:03547-1
Security update for go1.25
ROS-20251029-07
Множественные уязвимости golang
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-58186 [net/http: lack of limit when parsing cookies can cause memory exhaustion] | CVSS3: 5.3 | 0% Низкий | 27 дней назад |
 | CVE-2025-58186 Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption. | CVSS3: 5.3 | 0% Низкий | 7 дней назад |
 | CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http | 0% Низкий | 6 дней назад | |
| CVE-2025-58186 Despite HTTP headers having a default limit of 1MB, the number of cook ... | CVSS3: 5.3 | 0% Низкий | 7 дней назад |
| GHSA-rjcg-56ph-3qvg Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption. | CVSS3: 5.3 | 0% Низкий | 7 дней назад |
 | SUSE-SU-2025:3682-1 Security update for go1.24 | 16 дней назад | ||
| SUSE-SU-2025:03547-1 Security update for go1.25 | 26 дней назад | ||
 | ROS-20251029-07 Множественные уязвимости golang | CVSS3: 8.2 | 8 дней назад |
Уязвимостей на страницу