Launch Week Day 1: Announcing Security Design Review
Start for Free
UNKNOWN Go

Quadratic complexity in WordDecoder.DecodeHeader in mime

GO-2026-5038 · BIT-golang-2026-42504 · CVE-2026-42504

Published · Modified

Description

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes