FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- net/http: ReadRequest can stack overflow due to recursion with very large headers

Affected packages
go < 1.16.4,1

Details

VuXML ID 7f242313-aea5-11eb-8151-67f74cf7c704
Discovery 2021-04-22
Entry 2021-05-06

The Go project reports:

http.ReadRequest can stack overflow due to recursion when given a request with a very large header (~8-10MB depending on the architecture). A http.Server which overrides the default max header of 1MB by setting Server.MaxHeaderBytes to a much larger value could also be vulnerable in the same way.

References

CVE Name CVE-2021-31525
URL https://github.com/golang/go/issues/45710
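
Server.MaxHeaderBytes only protects requests that arrive through http.Server; code that calls http.ReadRequest directly on a stream has no header cap unless it adds one. The following is an added example, not code from the Go project or from VuXML, showing one way to apply such a cap alongside upgrading to a fixed Go release. The helper readRequestBounded, the sentinel ErrHeaderTooLarge, the X-Pad header and the sample requests are hypothetical names and constructed inputs.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"math"
	"net/http"
	"strings"
)

// ErrHeaderTooLarge is a sentinel defined for this example only.
var ErrHeaderTooLarge = errors.New("request header exceeds limit")

// readRequestBounded (hypothetical helper) parses one HTTP/1.x request from r,
// letting the parser consume at most maxHeaderBytes before the headers end.
func readRequestBounded(r io.Reader, maxHeaderBytes int64) (*http.Request, error) {
	lr := &io.LimitedReader{R: r, N: maxHeaderBytes}
	req, err := http.ReadRequest(bufio.NewReader(lr))
	if err != nil {
		if lr.N <= 0 { // the cap, not the peer, ended the stream
			return nil, ErrHeaderTooLarge
		}
		return nil, err
	}
	lr.N = math.MaxInt64 // headers are parsed; lift the cap so the body can be read
	return req, nil
}

// sampleRequest builds a constructed POST whose X-Pad header value is padLen bytes.
func sampleRequest(padLen int) string {
	return "POST /upload HTTP/1.1\r\nHost: example.test\r\n" +
		"X-Pad: " + strings.Repeat("a", padLen) + "\r\n" +
		"Content-Length: 5\r\n\r\nhello"
}

func main() {
	const limit = 1 << 20 // same value as http.DefaultMaxHeaderBytes
	for _, pad := range []int{16, 2 << 20} {
		req, err := readRequestBounded(strings.NewReader(sampleRequest(pad)), limit)
		if err != nil {
			fmt.Printf("pad=%d rejected: %v\n", pad, err)
			continue
		}
		body, _ := io.ReadAll(req.Body)
		fmt.Printf("pad=%d accepted, body=%q\n", pad, body)
	}
}
```

The cap counts bytes pulled from the underlying reader while headers are being parsed, so the oversized request is rejected before the parser ever sees the full header block.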