CVE-2021-31525

SOURCE - github

Summary

golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

EPSS Score⁠: 0.0085 (0.821)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-674⁠

Uncontrolled Recursion

SOURCE - github

CWE-674⁠

Uncontrolled Recursion

SOURCE - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-674⁠

Uncontrolled Recursion

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

CWE-120⁠

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-20⁠

Improper Input Validation

Impacted images

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.