{"id":"CVE-2025-22871","details":"The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.","aliases":["BIT-golang-2025-22871","GHSA-g9pc-8g42-g6vq","GO-2025-3563"],"modified":"2026-04-10T05:22:46.917822Z","published":"2025-04-08T20:15:20Z","related":["ALSA-2025:12831","ALSA-2025:12850","ALSA-2025:8476","ALSA-2025:8477","ALSA-2025:8478","ALSA-2025:8666","ALSA-2025:8667","ALSA-2025:8682","ALSA-2025:8915","ALSA-2025:8916","ALSA-2025:8918","ALSA-2025:9060","ALSA-2025:9063","ALSA-2025:9106","ALSA-2025:9142","ALSA-2025:9143","ALSA-2025:9144","ALSA-2025:9145","ALSA-2025:9146","ALSA-2025:9147","ALSA-2025:9148","ALSA-2025:9149","ALSA-2025:9150","ALSA-2025:9151","ALSA-2025:9156","ALSA-2025:9317","ALSA-2025:9623","ALSA-2025:9634","ALSA-2025:9635","ALSA-2025:9844","ALSA-2025:9845","CGA-grqw-v5x4-56m6","MGASA-2025-0175","SUSE-SU-2025:01731-1","SUSE-SU-2025:03159-1","SUSE-SU-2025:1141-1","SUSE-SU-2025:1153-1","openSUSE-SU-2025:14962-1","openSUSE-SU-2025:14963-1","openSUSE-SU-2025:14978-1","openSUSE-SU-2025:15029-1","openSUSE-SU-2025:15305-1","openSUSE-SU-2025:15352-1"],"references":[{"type":"WEB","url":"https://go.dev/cl/652998"},{"type":"WEB","url":"https://go.dev/issue/71988"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2025-3563"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/04/04/4"}],"schema_version":"1.7.5"}