CVE-2017-1000098

描述

When parsing large multipart/form-data, an attacker can cause a HTTP server to open a large number of file descriptors. This may be used as a denial-of-service vector.

受影響套件(2)

• Debian/golangfrom 0, < 2:1.0.2-1.1+deb7u1
• Go/stdlibfrom 0, < 1.6.4, >= 1.7.0-0, < 1.7.4

參考連結(4)

• PATCHhttps://go.dev/cl/30410
• PATCHhttps://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184
• REPORThttps://go.dev/issue/16296
• WEBhttps://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ