CVE-2017-1000098

Name of the Vulnerable Software and Affected Versions net/http package (affected versions not specified)

Description The issue arises when the net/http package's Request.ParseMultipartForm method handles large multipart requests, potentially leading to a denial-of-service situation. An attacker can craft a multipart request that causes the server to run out of file descriptors, as the method starts writing to temporary files once the request body size exceeds the given "maxMemory" limit.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.