Go · Net/Http Package · CVE-2017-1000098
**Name of the Vulnerable Software and Affected Versions**
net/http package (affected versions not specified)
**Description**
The issue arises when the net/http package's Request.ParseMultipartForm method handles large multipart requests, potentially leading to a denial-of-service situation. An attacker can craft a multipart request that causes the server to run out of file descriptors, as the method starts writing to temporary files once the request body size exceeds the given "maxMemory" limit.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.