Fluid Attacks Database

Description

Memory exhaustion in query parameter parsing in net/url The net/url package does not set a limit on the number of query parameters in a query.

While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	golang-1.19	=1.19.10-1 \|\| =1.19.10-2 \|\| =1.19.11-1 \|\| =1.19.12-1 \|\| =1.19.12-2 \|\| =1.19.12-2~bpo11+1 \|\| =1.19.12-2~bpo12+1 \|\| =1.19.13-1 \|\| =1.19.13-1~bpo11+1 \|\| =1.19.13-1~bpo12+1 \|\| =1.19.8-2 \|\| =1.19.9-1	-
debian 13	golang-1.24	=1.24.12-1 \|\| =1.24.13-1 \|\| =1.24.13-2 \|\| =1.24.4-1 \|\| =1.24.4-2 \|\| =1.24.4-3 \|\| =1.24.4-4 \|\| =1.24.7-1 \|\| =1.24.8-1 \|\| =1.24.9-1	-
debian 11	golang-1.15	=1.15.15-1 \|\| =1.15.15-1~deb11u1 \|\| =1.15.15-1~deb11u2 \|\| =1.15.15-1~deb11u3 \|\| =1.15.15-1~deb11u4 \|\| =1.15.15-2 \|\| =1.15.15-3 \|\| =1.15.15-4 \|\| =1.15.15-5 \|\| =1.15.9-6	-
debian 14	golang-1.25	=1.25.0-1 \|\| =1.25.0-2 \|\| =1.25.1-1 \|\| =1.25.2-1 \|\| =1.25.3-1 \|\| >=0 <1.25.6-1	1.25.6-1
go	stdlib	>=0 <1.24.12	1.24.12
rpm rhel9	butane	-	-
rpm rhel10	go-rpm-macros	<0:3.6.0-7.el10_1	0:3.6.0-7.el10_1
rpm rhel10.0	go-rpm-macros	<0:3.6.0-5.el10_0	0:3.6.0-5.el10_0
rpm rhel9	go-rpm-macros	<0:3.6.0-13.el9_7	0:3.6.0-13.el9_7
rpm rhel8	go-toolset	<0:1.25.7-1.module+el8.10.0+23993+83a15e10	0:1.25.7-1.module+el8.10.0+23993+83a15e10

1-10 of 106

Aliases

1. CVE-2025-617262. NVD-2025-617263. OSV-DEBIAN-2025-617264. OSV-2025-617265. OSV-GO-2026-43416. GCVE-2025-617267. SECURITY-TRACKER-CVE-2025-61726

References

1. https://go.dev/cl/7367122. https://go.dev/issue/771013. https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.