MidnightBSD

Advisories for gohttp_project

CVE-2019-12158 HIGH

GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
gohttp_project gohttp *
CVE-2019-12159 MEDIUM

GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gohttp_project gohttp *
CVE-2019-12160 HIGH

GoHTTP through 2017-07-25 has a sendHeader use-after-free.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
gohttp_project gohttp *
CVE-2019-12198 MEDIUM

In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
gohttp_project gohttp *