Denial of Service Vulnerability in Go's net/http Module
CVE-2021-31525

5.9MEDIUM

Key Information:

Vendor

Golang

Status
Vendor
CVE Published:
27 May 2021

What is CVE-2021-31525?

The net/http module in Go, prior to versions 1.15.12 and 1.16.4, contains a vulnerability that allows remote attackers to induce a denial of service through the handling of oversized headers during the ReadRequest or ReadResponse processes. This can potentially compromise server, transport, or client operations depending on the configuration, thereby disrupting normal functionality.

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.