Home > Vulnerability Database > CVE-2023-45290

Mend.io Vulnerability Database

CVE-2023-45290

Good to know:

Date: March 5, 2024

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

Language: Go

Severity Score

7.5

Related Resources (9)

Url: https://go.dev/cl/569341

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45290

Url: https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg

Url: https://pkg.go.dev/vuln/GO-2024-2599

Url: https://security-tracker.debian.org/tracker/CVE-2023-45290

Url: https://security.netapp.com/advisory/ntap-20240329-0004/

Url: https://go.dev/issue/65383

Url: http://www.openwall.com/lists/oss-security/2024/03/08/4

Url: https://www.mend.io/vulnerability-database/CVE-2023-45290

Severity Score

7.5

Top Fix

Upgrade Version

Upgrade to version go1.21.8,go1.22.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45290

Good to know:

Date: March 5, 2024

Language: Go

Severity Score

Related Resources (9)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?