We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@neild requested issue #65383 to be considered for backport to the next 1.21 minor release.
@gopherbot please open backport issues for this security fix.
The text was updated successfully, but these errors were encountered:
Change https://go.dev/cl/569240 mentions this issue: [release-branch.go1.21] net/textproto, mime/multipart: avoid unbounded read in MIME header
[release-branch.go1.21] net/textproto, mime/multipart: avoid unbounded read in MIME header
Sorry, something went wrong.
Closed by merging bf80213 to release-branch.go1.21.
[release-branch.go1.21] net/textproto, mime/multipart: avoid unbounde…
bf80213
…d read in MIME header mime/multipart.Reader.ReadForm allows specifying the maximum amount of memory that will be consumed by the form. While this limit is correctly applied to the parsed form data structure, it was not being applied to individual header lines in a form. For example, when presented with a form containing a header line that never ends, ReadForm will continue to read the line until it runs out of memory. Limit the amount of data consumed when reading a header. Fixes CVE-2023-45290 Fixes #65389 For #65383 Change-Id: I7f9264d25752009e95f6b2c80e3d76aaf321d658 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2134435 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Tatiana Bradley <[email protected]> Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2173776 Reviewed-by: Carlos Amedee <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/569240 Auto-Submit: Michael Knyszek <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
No branches or pull requests
@neild requested issue #65383 to be considered for backport to the next 1.21 minor release.
The text was updated successfully, but these errors were encountered: