CVE-2017-1000098
golang - security update
EPSS 0.43%
Description
When parsing large multipart/form-data, an attacker can cause an HTTP server to open a large number of file descriptors. This may be used as a denial-of-service vector.
How to fix CVE-2017-1000098
To remediate CVE-2017-1000098, upgrade the affected package to a fixed version below.
- Debian/golang—upgrade to 2:1.0.2-1.1+deb7u1 or later
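- Go/stdlib—upgrade to 1.6.4 or later; on the 1.7 line, upgrade to 1.7.4 or later (1.7.0-0 up to, but not including, 1.7.4 is listed as affected below)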
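A handler-side guard for the multipart parsing described above, as an added example (not code from the Go project and not the upstream fix): it caps the request body and the number of file parts while streaming the form, so one request cannot carry an unbounded number of files. The names `uploadOK` and `statusFor`, the `/upload` path and both limits are assumptions; the forms are constructed sample input.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
)

// Assumed caps for this example: total body bytes, file parts per form.
const maxBodyBytes, maxFileParts = 1 << 20, 8

// uploadOK streams the form part by part instead of calling
// ParseMultipartForm, and reports false once either cap is exceeded.
func uploadOK(w http.ResponseWriter, r *http.Request) bool {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	mr, err := r.MultipartReader()
	for files := 0; err == nil && files <= maxFileParts; {
		var part *multipart.Part
		if part, err = mr.NextPart(); err == nil && part.FileName() != "" {
			files++
		}
	}
	return err == io.EOF // clean end of form, within both caps
}

// statusFor pushes a constructed form (n file parts of size bytes each)
// through the guard and returns the status a handler would send.
func statusFor(n, size int) int {
	var buf bytes.Buffer
	mw := multipart.NewWriter(&buf)
	for i := 0; i < n; i++ {
		fw, _ := mw.CreateFormFile("file", "sample.txt")
		fw.Write(bytes.Repeat([]byte("x"), size))
	}
	mw.Close()
	req := httptest.NewRequest(http.MethodPost, "/upload", &buf)
	req.Header.Set("Content-Type", mw.FormDataContentType())
	rec := httptest.NewRecorder()
	if !uploadOK(rec, req) {
		http.Error(rec, "upload rejected", http.StatusRequestEntityTooLarge)
	}
	return rec.Code
}

func main() { fmt.Println(statusFor(3, 1), statusFor(500, 1), statusFor(1, 2<<20)) }
```

A handler that accepts the upload would process each part inside the loop rather than only counting it.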
Is CVE-2017-1000098 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/golang: from 0, < 2:1.0.2-1.1+deb7u1
- Go/stdlib: from 0, < 1.6.4; >= 1.7.0-0, < 1.7.4