VYPR
Medium severity6.5NVD Advisory· Published Mar 5, 2024· Updated Apr 15, 2026

CVE-2023-45290

CVE-2023-45290

Description

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1401

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.