Go Standard Library Net Textproto vulnerabilities
5 known vulnerabilities affecting go_standard_library/net_textproto.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2023-24534P3HIGHCVSS 7.5fixed in 1.19.8≥ 1.20.0-0, < 1.20.32023-04-06
CVE-2023-24534 [HIGH] CWE-400 CVE-2023-24534: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, p
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit t
nvd
CVE-2023-24536P3HIGHCVSS 7.5fixed in 1.19.8≥ 1.20.0-0, < 1.20.32023-04-06
CVE-2023-24536 [HIGH] CWE-770 CVE-2023-24536: Multipart form parsing can consume large amounts of CPU and memory when processing form inputs conta
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs t
nvd
CVE-2023-45290P4MEDIUMCVSS 6.5fixed in 1.21.8≥ 1.22.0-0, < 1.22.12024-03-05
CVE-2023-45290 [MEDIUM] CWE-770 CVE-2023-45290: When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to
nvd
CVE-2026-42507P4MEDIUMCVSS 5.3fixed in 1.25.11≥ 1.26.0-0, < 1.26.42026-06-02
CVE-2026-42507 [MEDIUM] CVE-2026-42507: When returning errors, functions in the net/textproto package would include its input as part of the
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.
nvd
CVE-2025-61724P4MEDIUMCVSS 5.3fixed in 1.24.8≥ 1.25.0, < 1.25.22025-10-29
CVE-2025-61724 [MEDIUM] CWE-770 CVE-2025-61724: The Reader.ReadResponse function constructs a response string through repeated string concatenation
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
nvd