CVE-2025-54801
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-09-23
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gofiber | fiber | < 2.52.9 (fixed in 2.52.9) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Fiber web framework (version 2.52.8 and earlier), in the schema decoder that maps submitted form data onto Go structs. A form key can address an element of a slice field by numeric index. When the decoder meets such a key, it grows the target slice to hold that index without checking that the index is within any reasonable limit, so the size of the allocation is decided by the request rather than by the application (CWE-789). With a sufficiently large index the allocation either fails Go's runtime length check and panics, or succeeds and consumes enough memory to exhaust the process; in both cases the application stops serving. This issue is fixed in version 2.52.9.
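The following is an added, stand-alone illustration of the allocation pattern described above; it is not Fiber's decoder and does not reproduce the 2.52.9 fix. The `items[N]` key syntax, the `maxSliceIndex` constant and every function name are this example's own assumptions. It shows a small form decoder in two modes: unbounded, where a 16-byte request body makes it allocate a million-entry slice, and bounded, where the same key is rejected before anything is allocated.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strconv"
)

// ErrIndexTooLarge is returned by the hardened decoder when a form key
// addresses a slice element beyond the configured bound.
var ErrIndexTooLarge = errors.New("slice index in form key exceeds limit")

// maxSliceIndex is a hypothetical bound chosen for this example; it is not
// the value Fiber uses. Size it to what the handler actually needs.
const maxSliceIndex = 1000

// indexedKey matches keys of the form "name[N]". The bracket syntax is this
// example's own convention for addressing a slice element by index.
var indexedKey = regexp.MustCompile(`^([A-Za-z_][A-Za-z0-9_]*)\[(\d+)\]$`)

// growTo returns s extended so that index idx is addressable. The allocation
// size (idx+1) comes straight from the request: this is the CWE-789 sink.
func growTo(s []string, idx int) []string {
	if idx < len(s) {
		return s
	}
	grown := make([]string, idx+1)
	copy(grown, s)
	return grown
}

// decodeForm flattens url.Values into named string slices. With limit < 0 it
// behaves like the vulnerable pattern (no bound on the index); with limit >= 0
// any index above limit is rejected before anything is allocated.
func decodeForm(form url.Values, limit int) (map[string][]string, error) {
	out := make(map[string][]string)
	for key, vals := range form {
		if len(vals) == 0 {
			continue
		}
		m := indexedKey.FindStringSubmatch(key)
		if m == nil {
			out[key] = append(out[key], vals...)
			continue
		}
		name, digits := m[1], m[2]
		// strconv.Atoi rejects numbers that do not fit in int, so the problem
		// is not integer overflow but a large, perfectly valid index.
		idx, err := strconv.Atoi(digits)
		if err != nil {
			return nil, fmt.Errorf("key %q: bad slice index: %w", key, err)
		}
		if limit >= 0 && idx > limit {
			return nil, fmt.Errorf("key %q: index %d: %w", key, idx, ErrIndexTooLarge)
		}
		s := growTo(out[name], idx)
		s[idx] = vals[0]
		out[name] = s
	}
	return out, nil
}

// decodeUnbounded reproduces the vulnerable behaviour: the request decides
// how large the slice becomes.
func decodeUnbounded(form url.Values) (map[string][]string, error) {
	return decodeForm(form, -1)
}

// decodeBounded is the hardened variant: indexes above maxSliceIndex fail fast.
func decodeBounded(form url.Values) (map[string][]string, error) {
	return decodeForm(form, maxSliceIndex)
}

func main() {
	// Constructed request body: 16 bytes asking for a slice of 1,000,001
	// strings (about 16 MiB of string headers on a 64-bit platform).
	form, err := url.ParseQuery("items[1000000]=x")
	if err != nil {
		panic(err)
	}
	out, err := decodeUnbounded(form)
	fmt.Printf("unbounded: len=%d err=%v\n", len(out["items"]), err)

	_, err = decodeBounded(form)
	fmt.Printf("bounded:   err=%v\n", err)

	// Ordinary input still decodes under the bound.
	small, _ := url.ParseQuery("items[2]=c&items[0]=a")
	out, err = decodeBounded(small)
	fmt.Printf("normal:    %q err=%v\n", out["items"], err)
}
```

Raising the index in the first body to something like `items[9223372036854775807]` is left to the reader: in the unbounded mode that request makes the Go runtime panic on the slice length, which is the crash the advisory describes, and the bounded decoder returns `ErrIndexTooLarge` without allocating. A request-body size limit does not protect against this class, since the amplification comes from a short key, not from a large payload.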
How can this vulnerability impact me?
An application built on an affected Fiber version can be crashed, or driven into memory exhaustion, by a single unauthenticated request whose form data carries a key with a very large numeric slice index. The result is denial of service: the application is unavailable to legitimate users until the process is restarted, and it can be knocked over again as long as the vulnerable version is deployed.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Fiber web framework to version 2.52.9 or later, where this vulnerability is fixed. Note that the trigger is a short key containing a large number, not a large request body, so body-size limits alone do not prevent it; upgrading is the fix.