THREATINT
PUBLISHED

CVE-2025-47908

Denial of service via malicious preflight requests in github.com/rs/cors



Description

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
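For deployments still on an affected version (1.9.0 before 1.11.0), the following added example (not code from rs/cors or from this advisory) sketches a net/http guard placed in front of the CORS middleware that bounds the ACRH header without splitting it. The budget constants, the `GuardPreflight` and `preflightStatus` names, and the sample hosts are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed budgets (not from the advisory); size them to the headers your API really accepts.
const maxACRHBytes, maxACRHCommas = 1024, 32

// acrhWithinBudget counts bytes and commas in place, so the check never splits the value.
func acrhWithinBudget(h http.Header) bool {
	total, commas := 0, 0
	for _, v := range h.Values("Access-Control-Request-Headers") {
		total += len(v)
		commas += strings.Count(v, ",")
	}
	return total <= maxACRHBytes && commas <= maxACRHCommas
}

// GuardPreflight rejects over-budget preflights before they reach next (the CORS middleware).
func GuardPreflight(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		preflight := r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != ""
		if preflight && !acrhWithinBudget(r.Header) {
			http.Error(w, "Access-Control-Request-Headers too large", http.StatusRequestHeaderFieldsTooLarge)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// preflightStatus sends a constructed preflight through the guard and returns the status code.
func preflightStatus(acrh string) int {
	// inner stands in for the wrapped CORS handler.
	inner := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })
	req := httptest.NewRequest(http.MethodOptions, "http://api.example/items", nil)
	req.Header.Set("Origin", "https://app.example")
	req.Header.Set("Access-Control-Request-Method", "PUT")
	req.Header.Set("Access-Control-Request-Headers", acrh)
	rec := httptest.NewRecorder()
	GuardPreflight(inner).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(preflightStatus("content-type,x-request-id"), preflightStatus(strings.Repeat("a,", 100)))
}
```

Rejections surface as HTTP 431, so a rise in 431 responses on OPTIONS requests is a usable detection signal in access logs.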

Reserved 2025-05-13 | Published 2025-08-06 | Updated 2025-08-07 | Assigner Go

Problem types

CWE-1325: Improperly Controlled Sequential Memory Allocation

Product status

Default status: unaffected

1.9.0 before 1.11.0: affected

Credits

@jub0bs

References

github.com/rs/cors/pull/171

github.com/rs/cors/issues/170

pkg.go.dev/vuln/GO-2024-2883

cve.org (CVE-2025-47908)

nvd.nist.gov (CVE-2025-47908)
