Go · Net/Http · CVE-2022-41717
**Name of the Vulnerable Software and Affected Versions**
net/http versions prior to the fixed version
**Description**
The net/http package in the Go programming language is vulnerable to excessive memory growth caused by unbounded resource allocation. An attacker can trigger this growth by sending very large HTTP header keys, which lets them allocate approximately 64 MiB per open connection. This can lead to a denial of service.
**Recommendations**
For net/http versions prior to the fixed version, consider limiting the canonical header cache by bytes, not entries, to prevent excessive memory growth. As a temporary workaround, restrict the size of HTTP header keys sent by clients to minimize the risk of exploitation.
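The difference between capping a per-connection canonical header cache by entries and capping it by bytes can be seen in the following added example, which is not the net/http source. The type `headerCache`, the function `Retained`, and both limits are hypothetical names and constructed values chosen for illustration.

```go
package main

import (
	"fmt"
	"net/textproto"
	"strings"
)

// Constructed limits for illustration; not the values net/http uses.
const maxEntries, maxBytes = 256, 16 << 10 // entry cap vs. byte cap

// headerCache (hypothetical) memoizes canonical header names for one connection.
type headerCache struct {
	byBytes bool // true: cap retained bytes; false: cap entry count only
	m       map[string]string
	size    int // bytes retained: key plus canonical value per entry
}

// Canonical caches only while within budget; over budget it still answers.
func (c *headerCache) Canonical(key string) string {
	if v, ok := c.m[key]; ok {
		return v
	}
	v := textproto.CanonicalMIMEHeaderKey(key)
	cost := len(key) + len(v)
	fits := len(c.m) < maxEntries
	if c.byBytes {
		fits = c.size+cost <= maxBytes
	}
	if fits {
		c.m[key] = v
		c.size += cost
	}
	return v
}

// Retained feeds n distinct keyLen-byte keys (keyLen >= 9); returns bytes held.
func Retained(byBytes bool, n, keyLen int) int {
	c := &headerCache{byBytes: byBytes, m: make(map[string]string)}
	for i := 0; i < n; i++ {
		c.Canonical(fmt.Sprintf("x-%06d-", i) + strings.Repeat("a", keyLen-9))
	}
	return c.size
}

func main() {
	fmt.Println("entry-capped:", Retained(false, 1000, 4096))
	fmt.Println("byte-capped: ", Retained(true, 1000, 4096))
}
```

With the entry cap, retained memory scales with the key size the client chooses; with the byte cap it stays at or below the budget regardless of key size.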