| packages: |
| - module: std |
| package: mime/multipart |
| symbols: |
| - Reader.readForm |
| versions: |
| - fixed: 1.6.4 |
| - introduced: 1.7.0 |
| fixed: 1.7.4 |
| description: | |
| When parsing large multipart/form-data, an attacker can |
| cause a HTTP server to open a large number of file |
| descriptors. This may be used as a denial-of-service |
| vector. |
| published: 2022-02-15T23:56:14Z |
| cves: |
| - CVE-2017-1000098 |
| credit: Simon Rawet |
| links: |
| pr: https://go.dev/cl/30410 |
| commit: https://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184 |
| context: |
| - https://go.dev/issue/16296 |
| - https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ |