Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-61729

Опубликовано: 02 дек. 2025
Источник: debian
EPSS Низкий

Описание

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.25fixed1.25.6-1package
golang-1.24fixed1.24.12-1package
golang-1.24no-dsatrixiepackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/8FJoBkPddm4

  • https://go-review.googlesource.com/c/go/+/725920

  • https://github.com/golang/go/issues/76445

  • Fixed by: https://github.com/golang/go/commit/f7bce4bd6f7b13de8d9f06f7f262e3b60381e7e9 (go1.25.5)

  • Fixed by: https://github.com/golang/go/commit/3a842bd5c6aa8eefa13c0174de3ab361e50bd672 (go1.24.11)

EPSS

Процентиль: 36%
0.00451
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-61729

CVSS3: 7.5
ubuntu
7 месяцев назад

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

redhat логотип

CVE-2025-61729

CVSS3: 7.5
redhat
7 месяцев назад

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

nvd логотип

CVE-2025-61729

CVSS3: 7.5
nvd
7 месяцев назад

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

msrc логотип

CVE-2025-61729

msrc
7 месяцев назад

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

rocky логотип

RLSA-2026:2323

rocky
5 месяцев назад

Important: git-lfs security update

EPSS

Процентиль: 36%
0.00451
Низкий