golang security
About this tag
The golang security tag on WindowsForum.com covers vulnerabilities and fixes in the Go programming language's standard library and runtime. Recent discussions include CVE-2026-27137, a correctness bug in Go's X.509 certificate verification that could allow improper email identity validation, and CVE-2023-24536, a denial-of-service vulnerability in the multipart form parser. These threads provide technical details, patching guidance, and mitigation strategies for developers and system administrators using Go in production environments. The tag focuses on security advisories, CVEs, and best practices for maintaining secure Go applications.
A subtle correctness bug in Go’s X.509 verification code — tracked as CVE-2026-27137 — can cause certificate chains to ignore multiple email-address name constraints when those constraints share the same local-part but differ by domain. The practical upshot: under specific conditions a...
The Go standard library’s multipart form parser contained a deceptively simple weakness that, in April 2023, was assigned CVE-2023-24536: specially crafted multipart requests can force Go programs to burn CPU and memory at scale, creating a reliable denial‑of‑service (DoS) vector against web...