Описание
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.25 | fixed | 1.25.2-1 | package | |
| golang-1.24 | fixed | 1.24.8-1 | package | |
| golang-1.24 | no-dsa | trixie | package | |
| golang-1.23 | removed | package | ||
| golang-1.19 | removed | package | ||
| golang-1.19 | no-dsa | bookworm | package | |
| golang-1.15 | removed | package | ||
| golang-1.15 | postponed | bullseye | package |
Примечания
https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
https://github.com/golang/go/issues/75680
https://github.com/golang/go/commit/6a057327cf9a405e6388593dd4aedc0d0da77092 (go1.25.2)
https://github.com/golang/go/commit/bc6981fd74024098185a23ba3a83a81ed68a06c9 (go1.24.8)
EPSS
Связанные уязвимости
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Уязвимость функции ParseAddress() языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании
EPSS