AZL-52878

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52878.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-52878

Upstream

CVE-2023-24534

Published

2023-04-06T16:15:07Z

Modified

2026-04-01T05:17:54.514665Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-24534 affecting package golang for versions less than 1.20.7-1

Details

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-24534

Affected packages

Azure Linux:3 / golang

Package

Name: golang
Purl: pkg:rpm/azure-linux/golang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.7-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52878.json"