Denial of Service Vulnerability in Go's net/http Module
CVE-2021-31525
5.9MEDIUM
What is CVE-2021-31525?
The net/http module in Go, prior to versions 1.15.12 and 1.16.4, contains a vulnerability that allows remote attackers to induce a denial of service through the handling of oversized headers during the ReadRequest or ReadResponse processes. This can potentially compromise server, transport, or client operations depending on the configuration, thereby disrupting normal functionality.