reports/GO-2021-0172.yaml - vulndb - Git at Google

 module: std
 package: mime/multipart
 versions:
 - fixed: go1.6.4
 - fixed: go1.7.4
 - fixed: go1.8.0
 description: |
   When parsing large multipart/form-data, an attacker can
   cause a HTTP server to open a large number of file
   descriptors. This may be used as a denial-of-service
   vector.
 cves:
 - CVE-2017-1000098
 credit: Simon Rawet
 symbols:
 - Reader.readForm
 links:
   pr: https://go.dev/cl/30410
   commit: https://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184
   context:
   - https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ
	module: std
	package: mime/multipart
	versions:
	- fixed: go1.6.4
	- fixed: go1.7.4
	- fixed: go1.8.0
	description: \|
	When parsing large multipart/form-data, an attacker can
	cause a HTTP server to open a large number of file
	descriptors. This may be used as a denial-of-service
	vector.
	cves:
	- CVE-2017-1000098
	credit: Simon Rawet
	symbols:
	- Reader.readForm
	links:
	pr: https://go.dev/cl/30410
	commit: https://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184
	context:
	- https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ