CVE-2023-24534: net/http, net/textproto: denial of service from excessive memory allocation

zeromicro / go-zero

A cloud-native Go microservices framework with cli tool for productivity.

https://go-zero.dev

MIT License

29k stars 3.93k forks source link

CVE-2023-24534: net/http, net/textproto: denial of service from excessive memory allocation #3253

Closed KevinSolmssen closed 1 month ago

KevinSolmssen commented 1 year ago

There is a denial of service vulnerability in go 1.18 disclosed under CVE-2023-24534. This vulnerability has been patched in version 1.19 and 1.20 but not in 1.18, discussed here.

github-actions[bot] commented 4 months ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 1 month ago

This issue was closed because it has been inactive for 14 days since being marked as stale.