CVE-2017-1000098

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions net/http package (affected versions not specified)

Description The issue arises when the net/http package's Request.ParseMultipartForm method handles large multipart requests, potentially leading to a denial-of-service situation. An attacker can craft a multipart request that causes the server to run out of file descriptors, as the method starts writing to temporary files once the request body size exceeds the given "maxMemory" limit.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-769

Related Identifiers

ALT-PU-2017-1440

AZL-79016

CESA-2017_1859

CVE-2017-1000098

DLA-1123-1

GO-2021-0172

RHSA-2017:1859

RHSA-2017_1859

Affected Products

Alt Linux

Centos

Red Hat

Net/Http Package

CVE-2017-1000098

Weakness Enumeration

Related Identifiers

Affected Products

References · 15