GCVE - cpe:2.3:a:go_standard_library:net/http/internal:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:go_standard_library:net/http/internal:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Go Standard Library (`50bc78d3-15d0-59a4-bc22-a964570e0614`)
Product	Net/Http/Internal (`0313da34-280e-548b-a656-548f6e601cdc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-22871`	vulnerable	2026-06-03 14:59:41.685177	Request smuggling due to acceptance of invalid chunked data in net/http The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. Published: 2025-04-08T20:04:34.769Z Updated: 2026-05-12T12:04:11.015Z Open on db.gcve.eu Reference links https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-39326`	vulnerable	2026-06-03 14:52:38.687938	Denial of service via chunk extensions in net/http A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. Published: 2023-12-06T16:27:53.832Z Updated: 2025-02-13T17:02:50.990Z Open on db.gcve.eu Reference links https://go.dev/issue/64433 https://go.dev/cl/547335 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ https://pkg.go.dev/vuln/GO-2023-2382 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Net/Http/Internal

PURL mappings

Vulnerability references

Contribute