A vulnerability was found in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however servers are only vulnerable if the default 1 MB value for MaxHeaderBytes is increased