INFSA-2025:9156: golang-github-openprinting-ipp-usb security update
Information about definition
Identificator: INFSA-2025:9156
Type: security
Release date: 2025-07-15 19:22:24 UTC
Information about package
HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol.
Vulnerabilities description
- CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-22871
|
no information | 5.4 | no information |
Updated packages