Количество 8
Количество 8
CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data stru
CVE-2025-68156
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior ...
RLSA-2025:23729
Important: opentelemetry-collector security update
RLSA-2025:23664
Important: opentelemetry-collector security update
GHSA-cfpf-hrx2-8rv6
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
openSUSE-SU-2026:20099-1
Security update for coredns
SUSE-SU-2026:0327-1
Security update for alloy
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-68156 Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data stru | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-68156 Expr is an expression language and expression evaluation for Go. Prior ... | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | RLSA-2025:23729 Important: opentelemetry-collector security update | 0% Низкий | около 1 месяца назад | |
| RLSA-2025:23664 Important: opentelemetry-collector security update | 0% Низкий | около 2 месяцев назад | |
| GHSA-cfpf-hrx2-8rv6 Expr has Denial of Service via Unbounded Recursion in Builtin Functions | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | openSUSE-SU-2026:20099-1 Security update for coredns | 12 дней назад | ||
| SUSE-SU-2026:0327-1 Security update for alloy | 8 дней назад |
Уязвимостей на страницу