Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-61729

Опубликовано: 02 дек. 2025
Источник: debian
EPSS Низкий

Описание

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.25unfixedpackage
golang-1.24unfixedpackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/8FJoBkPddm4

  • https://go-review.googlesource.com/c/go/+/725920

  • https://github.com/golang/go/issues/76445

  • Fixed by: https://github.com/golang/go/commit/f7bce4bd6f7b13de8d9f06f7f262e3b60381e7e9 (go1.25.5)

  • Fixed by: https://github.com/golang/go/commit/3a842bd5c6aa8eefa13c0174de3ab361e50bd672 (go1.24.11)

EPSS

Процентиль: 2%
0.00015
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-61729

CVSS3: 7.5
ubuntu
около 1 месяца назад

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

nvd логотип

CVE-2025-61729

CVSS3: 7.5
nvd
около 1 месяца назад

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

msrc логотип

CVE-2025-61729

msrc
около 1 месяца назад

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

github логотип

GHSA-7c64-f9jr-v9h2

CVSS3: 7.5
github
около 1 месяца назад

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

fstec логотип

BDU:2025-16242

CVSS3: 7.5
fstec
около 2 месяцев назад

Уязвимость функции HostnameError.Error() пакета crypto/x509 языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 2%
0.00015
Низкий