CVE-2025-54801

High CVSS: 8.7

Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The root cause is that the decoder attempts to allocate a slice of length idx + 1 without validating whether the index is within a safe or reasonable range. If the idx is excessively large, this leads to an integer overflow or memory exhaustion, causing a panic or crash. This is fixed in version 2.52.9.

Vendor

Gofiber

Product

Fiber

CWE

CWE-789

Yayın Tarihi

2025-08-06 00:15:31

Güncelleme

2025-09-23 23:27:27

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-789 Fiber HIGH Gofiber 2025

Referanslar

https://github.com/gofiber/fiber/commit/e115c08b8f059a4a031b492aa9eef0712411853d https://github.com/gofiber/fiber/security/advisories/GHSA-qx2q-88mx-vhg7 https://github.com/gofiber/fiber/security/advisories/GHSA-qx2q-88mx-vhg7

Benzer Kayıtlar

High

CVE-2026-25891

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remo…

High

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the `f…

Medium

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 th…

Critical

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying c…

Critical

CVE-2025-66565

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's c…

High

CVE-2025-48075

Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber…