Количество 11
Количество 11
CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data s...
CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data stru
CVE-2025-68156
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior ...
ROS-20260327-73-0013
Уязвимость opentelemetry-collector-contrib
RLSA-2025:23729
Important: opentelemetry-collector security update
RLSA-2025:23664
Important: opentelemetry-collector security update
GHSA-cfpf-hrx2-8rv6
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
openSUSE-SU-2026:20140-1
Security update for alloy
openSUSE-SU-2026:20099-1
Security update for coredns
SUSE-SU-2026:0327-1
Security update for alloy
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-68156 Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data s... | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-68156 Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data stru | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
| CVE-2025-68156 Expr is an expression language and expression evaluation for Go. Prior ... | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | ROS-20260327-73-0013 Уязвимость opentelemetry-collector-contrib | CVSS3: 7.5 | 0% Низкий | 4 дня назад |
 | RLSA-2025:23729 Important: opentelemetry-collector security update | 0% Низкий | 3 месяца назад | |
| RLSA-2025:23664 Important: opentelemetry-collector security update | 0% Низкий | 3 месяца назад | |
| GHSA-cfpf-hrx2-8rv6 Expr has Denial of Service via Unbounded Recursion in Builtin Functions | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | openSUSE-SU-2026:20140-1 Security update for alloy | около 2 месяцев назад | ||
| openSUSE-SU-2026:20099-1 Security update for coredns | 2 месяца назад | ||
| SUSE-SU-2026:0327-1 Security update for alloy | 2 месяца назад |
Уязвимостей на страницу