VYPR
Medium severity5.3NVD Advisory· Published Oct 29, 2025· Updated Apr 15, 2026

CVE-2025-58186

CVE-2025-58186

Description

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3115

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.