CVE-2019-12158by Jeremyin Security Bulletinson Posted on May 17, 2019 GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.