Security Advisory

CVE-2025-58186

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-29 22:10:13
Last updated 2025-11-04 21:13:35
Assigner Go
State PUBLISHED

Description

Although HTTP headers have a default size limit of 1MB, the number of cookies that can be parsed has no limit. By sending many very small cookies such as "a=;", an attacker can make an HTTP server allocate a large number of structs, causing high memory consumption.
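One way to bound the work on the server side is to count cookie pairs in the raw `Cookie` header and reject the request before anything calls `r.Cookies()`. This is an added example, not code from the advisory or from the Go project; `maxCookiePairs`, `countCookiePairs`, `limitCookies` and `statusFor` are hypothetical names, and the budget of 100 is an assumed value.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxCookiePairs is an assumed per-request budget, not a value from the advisory.
const maxCookiePairs = 100

// countCookiePairs counts non-empty ';'-separated pairs on every Cookie line by slicing, without building a struct per pair.
func countCookiePairs(h http.Header) int {
	n := 0
	for _, line := range h["Cookie"] {
		for len(line) > 0 {
			var part string
			part, line, _ = strings.Cut(line, ";")
			if strings.TrimSpace(part) != "" {
				n++
			}
		}
	}
	return n
}

// limitCookies must wrap every handler that parses cookies, so the guard runs first.
func limitCookies(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if countCookiePairs(r.Header) > maxCookiePairs {
			http.Error(w, "too many cookies", http.StatusRequestHeaderFieldsTooLarge)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed request carrying n "a=;" cookies through the guard.
func statusFor(n int) int {
	h := limitCookies(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { _ = r.Cookies() }))
	req := httptest.NewRequest("GET", "/", nil)
	req.Header.Set("Cookie", strings.Repeat("a=;", n))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(statusFor(10), statusFor(200000)) }
```

The rejected request in `main` is about 600 KB of `a=;` pairs, which fits under the 1MB header limit the description mentions, so a header size cap alone would not stop it.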