Wind River Support Network

HomeDefectsLIN1021-14449
Fixed

LIN1021-14449 : Security Advisory - go - CVE-2025-22871

Created: Mar 1, 2025    Updated: May 26, 2025
Resolved Date: May 21, 2025
Found In Version: 10.21.20.1
Fix Version: 10.21.20.25
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

https://nvd.nist.gov/vuln/detail/CVE-2025-22871

CVEs


Live chat
Online