PT-2025-42739 · Golang+4 · Golang+4

Jub0Bs

Published

2025-01-01

Updated

2026-03-12

CVE-2025-58186

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions golang versions 1.15 and 1.19

Description A flaw exists in the cookie parsing functionality of the net/http package. An absence of limits during cookie parsing can lead to excessive memory consumption, potentially resulting in memory exhaustion.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2025-12749

ALT-PU-2025-13232

AZL-69140

AZL-69254

AZL-78911

BDU:2025-14529

BIT-GOLANG-2025-58186

CLEANSTART-2025-EU07511

CVE-2025-58186

ECHO-5D63-3B88-E70A

GO-2025-4012

MGASA-2025-0256

OPENSUSE-SU-2025:15608-1

OPENSUSE-SU-2025:15609-1

OPENSUSE-SU-2025:15695-1

OPENSUSE-SU-2025:15723-1

OPENSUSE-SU-2025:20157-1

OPENSUSE-SU-2025:20158-1

OPENSUSE-SU-2026:20301-1

OPENSUSE-SU-2026:20308-1

RHSA-2026:7291

RHSA-2026:7385

SUSE-SU-2025:03547-1

SUSE-SU-2025:21192-1

SUSE-SU-2025:21193-1

SUSE-SU-2025:3682-1

SUSE-SU-2026:0296-1

SUSE-SU-2026:0297-1

SUSE-SU-2026:0298-1

SUSE-SU-2026:0308-1

SUSE-SU-2026:20623-1

SUSE-SU-2026:20629-1

Affected Products

Alt Linux

Debian

Red Os

Suse

Golang

PT-2025-42739 · Golang+4 · Golang+4

CVE-2025-58186

Weakness Enumeration

Related Identifiers

Affected Products

References · 143