UBUNTU-CVE-2015-5739

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2015-5739
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5739.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-5739
Upstream
  • CVE-2015-5739
Published
2017-10-18T20:29:00Z
Modified
2025-10-24T04:45:26Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • Ubuntu - low
Summary
[none]
Details

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

References

Affected packages

Ubuntu:14.04:LTS / gccgo-4.9

Package

Name
gccgo-4.9
Purl
pkg:deb/ubuntu/gccgo-4.9@4.9.3-0ubuntu4?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*
4.9-20140213-0ubuntu1
4.9-20140213-0ubuntu2
4.9-20140217-0ubuntu1
4.9-20140222-0ubuntu1
4.9-20140303-0ubuntu2
4.9-20140303-0ubuntu3
4.9-20140321-0ubuntu1
4.9-20140330-0ubuntu1
4.9-20140406-0ubuntu1
4.9.1-0ubuntu1
4.9.3-0ubuntu4

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "gcc-4.9-base",
            "binary_version": "4.9.3-0ubuntu4"
        },
        {
            "binary_name": "gccgo-4.9",
            "binary_version": "4.9.3-0ubuntu4"
        },
        {
            "binary_name": "gccgo-4.9-multilib",
            "binary_version": "4.9.3-0ubuntu4"
        },
        {
            "binary_name": "lib32gcc1",
            "binary_version": "1:4.9.3-0ubuntu4"
        },
        {
            "binary_name": "lib32go5",
            "binary_version": "4.9.3-0ubuntu4"
        },
        {
            "binary_name": "lib64gcc1",
            "binary_version": "1:4.9.3-0ubuntu4"
        },
        {
            "binary_name": "lib64go5",
            "binary_version": "4.9.3-0ubuntu4"
        },
        {
            "binary_name": "libgcc1",
            "binary_version": "1:4.9.3-0ubuntu4"
        },
        {
            "binary_name": "libgo5",
            "binary_version": "4.9.3-0ubuntu4"
        },
        {
            "binary_name": "libsfgcc1",
            "binary_version": "1:4.9.3-0ubuntu4"
        },
        {
            "binary_name": "libx32gcc1",
            "binary_version": "1:4.9.3-0ubuntu4"
        },
        {
            "binary_name": "libx32go5",
            "binary_version": "4.9.3-0ubuntu4"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5739.json"