Stay Connected:

CVE-2023-45290

CVE Details

Release Date:2024-03-05

Description


When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

See more information about CVE-2023-45290 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Network Attack Complexity: Low
Privileges Required: None User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: Low

Errata information


PlatformErrataRelease Date
Oracle Linux version 8 (aardvark-dns)ELSA-2024-52582024-08-13
Oracle Linux version 8 (aardvark-dns)ELSA-2024-69692024-09-24
Oracle Linux version 8 (aardvark-dns)ELSA-2024-80382024-10-14
Oracle Linux version 8 (buildah)ELSA-2024-52582024-08-13
Oracle Linux version 8 (buildah)ELSA-2024-69692024-09-24
Oracle Linux version 8 (buildah)ELSA-2024-80382024-10-14
Oracle Linux version 8 (cockpit-podman)ELSA-2024-52582024-08-13
Oracle Linux version 8 (cockpit-podman)ELSA-2024-69692024-09-24
Oracle Linux version 8 (cockpit-podman)ELSA-2024-80382024-10-14
Oracle Linux version 8 (conmon)ELSA-2024-52582024-08-13
Oracle Linux version 8 (conmon)ELSA-2024-69692024-09-24
Oracle Linux version 8 (conmon)ELSA-2024-80382024-10-14
Oracle Linux version 8 (container-selinux)ELSA-2024-52582024-08-13
Oracle Linux version 8 (container-selinux)ELSA-2024-69692024-09-24
Oracle Linux version 8 (container-selinux)ELSA-2024-80382024-10-14
Oracle Linux version 8 (containernetworking-plugins)ELSA-2024-52582024-08-13
Oracle Linux version 8 (containernetworking-plugins)ELSA-2024-69692024-09-24
Oracle Linux version 8 (containernetworking-plugins)ELSA-2024-80382024-10-14
Oracle Linux version 8 (containers-common)ELSA-2024-52582024-08-13
Oracle Linux version 8 (containers-common)ELSA-2024-69692024-09-24
Oracle Linux version 8 (containers-common)ELSA-2024-80382024-10-14
Oracle Linux version 8 (criu)ELSA-2024-52582024-08-13
Oracle Linux version 8 (criu)ELSA-2024-69692024-09-24
Oracle Linux version 8 (criu)ELSA-2024-80382024-10-14
Oracle Linux version 8 (crun)ELSA-2024-52582024-08-13
Oracle Linux version 8 (crun)ELSA-2024-69692024-09-24
Oracle Linux version 8 (crun)ELSA-2024-80382024-10-14
Oracle Linux version 8 (delve)ELSA-2024-32592024-05-29
Oracle Linux version 8 (fuse-overlayfs)ELSA-2024-52582024-08-13
Oracle Linux version 8 (fuse-overlayfs)ELSA-2024-69692024-09-24
Oracle Linux version 8 (fuse-overlayfs)ELSA-2024-80382024-10-14
Oracle Linux version 8 (git-lfs)ELSA-2024-33462024-05-29
Oracle Linux version 8 (go-toolset)ELSA-2024-32592024-05-29
Oracle Linux version 8 (golang)ELSA-2024-32592024-05-29
Oracle Linux version 8 (libslirp)ELSA-2024-52582024-08-13
Oracle Linux version 8 (libslirp)ELSA-2024-69692024-09-24
Oracle Linux version 8 (libslirp)ELSA-2024-80382024-10-14
Oracle Linux version 8 (netavark)ELSA-2024-52582024-08-13
Oracle Linux version 8 (netavark)ELSA-2024-69692024-09-24
Oracle Linux version 8 (netavark)ELSA-2024-80382024-10-14
Oracle Linux version 8 (oci-seccomp-bpf-hook)ELSA-2024-52582024-08-13
Oracle Linux version 8 (oci-seccomp-bpf-hook)ELSA-2024-69692024-09-24
Oracle Linux version 8 (oci-seccomp-bpf-hook)ELSA-2024-80382024-10-14
Oracle Linux version 8 (podman)ELSA-2024-52582024-08-13
Oracle Linux version 8 (podman)ELSA-2024-69692024-09-24
Oracle Linux version 8 (podman)ELSA-2024-80382024-10-14
Oracle Linux version 8 (python-podman)ELSA-2024-52582024-08-13
Oracle Linux version 8 (python-podman)ELSA-2024-69692024-09-24
Oracle Linux version 8 (python-podman)ELSA-2024-80382024-10-14
Oracle Linux version 8 (runc)ELSA-2024-52582024-08-13
Oracle Linux version 8 (runc)ELSA-2024-69692024-09-24
Oracle Linux version 8 (runc)ELSA-2024-80382024-10-14
Oracle Linux version 8 (skopeo)ELSA-2024-52582024-08-13
Oracle Linux version 8 (skopeo)ELSA-2024-69692024-09-24
Oracle Linux version 8 (skopeo)ELSA-2024-80382024-10-14
Oracle Linux version 8 (slirp4netns)ELSA-2024-52582024-08-13
Oracle Linux version 8 (slirp4netns)ELSA-2024-69692024-09-24
Oracle Linux version 8 (slirp4netns)ELSA-2024-80382024-10-14
Oracle Linux version 8 (udica)ELSA-2024-52582024-08-13
Oracle Linux version 8 (udica)ELSA-2024-69692024-09-24
Oracle Linux version 8 (udica)ELSA-2024-80382024-10-14
Oracle Linux version 9 (buildah)ELSA-2024-38272024-06-11
Oracle Linux version 9 (containernetworking-plugins)ELSA-2024-38312024-06-11
Oracle Linux version 9 (git-lfs)ELSA-2024-27242024-05-07
Oracle Linux version 9 (golang)ELSA-2024-25622024-05-07
Oracle Linux version 9 (gvisor-tap-vsock)ELSA-2024-38302024-06-12
Oracle Linux version 9 (podman)ELSA-2024-38262024-06-11


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights