CVE-2019-12158

GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.
Source: NIST
CVE-2019-12158