DEPRECATED: Uncontrolled File Descriptor Consumption

CVE-2017-1000098

High

7.5/10

Summary

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-769 - DEPRECATED: Uncontrolled File Descriptor Consumption

This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.

References

Advisory Timeline

Published Oct 05, 2017

DEPRECATED: Uncontrolled File Descriptor Consumption

CVE-2017-1000098

Summary

CWE-769 - DEPRECATED: Uncontrolled File Descriptor Consumption

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS