Vulnerabilities

CVE-2025-58186

by Fred · 29/10/2025

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as “a=;”, an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

More information : https://go.dev/cl/709855

Similar

Tags: Cybersecurity Alert