PT-2020-14513 · Go+4

Published: 2020-02-28 · Updated: 2026-02-18 · CVE-2020-15586

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Go versions 1.13.x through 1.13.12
Go versions 1.14.x through 1.14.4

Description

The issue is related to a data race in some net/http servers. This occurs when the server concurrently reads a request body and writes a response, as demonstrated by the httputil.ReverseProxy Handler. This can cause the server to crash.

Recommendations

For Go versions 1.13.x through 1.13.12, update to version 1.13.13 or later to resolve the issue.
For Go versions 1.14.x through 1.14.4, update to version 1.14.5 or later to resolve the issue.
As a temporary workaround, consider restricting concurrent access to the httputil.ReverseProxy Handler to minimize the risk of a data race.
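
An added example, not part of the advisory or of the Go project's code: a check of a Go toolchain version string against the affected ranges listed above, usable for triaging build hosts or binaries. The function name and the sample versions are assumptions made for this example; versions outside the two listed release lines are reported as not affected only because the advisory does not list them.

```go
package main

import (
	"fmt"
	"runtime"
	"strconv"
	"strings"
)

// fixedPatch maps each affected Go 1.x minor line to the first patch release
// that contains the fix, as given in the Recommendations above.
var fixedPatch = map[int]int{13: 13, 14: 5}

// AffectedByCVE202015586 (hypothetical helper) reports whether a toolchain
// version string such as "go1.14.4" falls in the affected ranges. ok is false
// when the string is not a plain release version (for example a devel or rc
// build), so the caller can flag it for manual review instead of guessing.
func AffectedByCVE202015586(v string) (affected, ok bool) {
	parts := strings.Split(strings.TrimPrefix(v, "go"), ".")
	if len(parts) < 2 || len(parts) > 3 || parts[0] != "1" {
		return false, false
	}
	minor, err := strconv.Atoi(parts[1])
	if err != nil {
		return false, false
	}
	patch := 0 // "go1.14" is the initial 1.14 release, i.e. patch level 0
	if len(parts) == 3 {
		if patch, err = strconv.Atoi(parts[2]); err != nil {
			return false, false
		}
	}
	fix, listed := fixedPatch[minor]
	return listed && patch < fix, true
}

func main() {
	// Constructed sample versions, followed by the toolchain that built this binary.
	for _, v := range []string{"go1.13.12", "go1.13.13", "go1.14", "go1.14.5", runtime.Version()} {
		affected, ok := AffectedByCVE202015586(v)
		fmt.Printf("%-12s affected=%v parsed=%v\n", v, affected, ok)
	}
}
```
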

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1411
ALT-PU-2020-2439
ALT-PU-2020-2456
AZL-38206
AZL-79042
BIT-GOLANG-2020-15586
CESA-2020_3665
CVE-2020-15586
DLA-2459-1
DLA-2460-1
DSA-4848-1
GO-2021-0224
MGASA-2020-0325
OPENSUSE-SU-2020:1087-1
OPENSUSE-SU-2020:1095-1
OPENSUSE-SU-2020:1405-1
OPENSUSE-SU-2020:1407-1
OPENSUSE-SU-2020_1087-1
OPENSUSE-SU-2020_1095-1
OPENSUSE-SU-2020_1405-1
OPENSUSE-SU-2020_1407-1
OPENSUSE-SU-2024:10806-1
OPENSUSE-SU-2024:10807-1
RHSA-2020:3665
RHSA-2020:4214
RHSA-2020:4297
RHSA-2020:5119
RHSA-2020:5606
RHSA-2020:5649
RHSA-2020_3665
RHSA-2021:0172
RHSA-2021:0713
RHSA-2021:0956
RHSA-2021:1016
RHSA-2021:1366
RHSA-2021:2122
RHSA-2021:4103
SUSE-SU-2020:2562-1

Affected Products

Alt Linux
CentOS
Go
Red Hat
SUSE