golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
{ "nvd_published_at": "2021-05-27T13:15:00Z", "cwe_ids": [ "CWE-674" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-02-08T00:35:49Z" }