Go Standard Library Net Textproto vulnerabilities

CVE-2025-61724 [MEDIUM] CWE-770 CVE-2025-61724: The Reader.ReadResponse function constructs a response string through repeated string concatenation The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

CVE-2023-45290 [MEDIUM] CWE-770 CVE-2023-45290: When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to

CVE-2023-24534 [HIGH] CWE-400 CVE-2023-24534: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, p HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit t

CVE-2023-24536 [HIGH] CWE-770 CVE-2023-24536: Multipart form parsing can consume large amounts of CPU and memory when processing form inputs conta Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs t