VDB

DEBIAN-CVE-2023-45290

DEBIAN-CVE-2023-45290 PUBLISHED CVSS 6.5 MEDIUM

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:12golang-1.190, 1.19.10-1, 1.19.10-2
Debian:11golang-1.150, 1.15.15-1, 1.15.15-1~deb11u1

Timeline

  • Mar 5, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›