104 matches found
CVE-2025-61725
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. Mitigation: Mitigation for this issue is either not available or the currently available options do...
EUVD-2025-36739
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...
CVE-2025-61725
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...
CVE-2025-61724
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
AZL-78923 CVE-2025-61725 affecting package golang 1.25.7-1
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...
AZL-69164 CVE-2025-61724 affecting package msft-golang 1.24.13-1
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
UBUNTU-CVE-2025-61724
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
Google Go security vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google, Inc. A security vulnerability exists in Google Go, which stems from the Reader.ReadResponse function constructing a response string through repeated string concatenation, which may...
ROS-20251029-04
A plug-in vulnerability in the Grafana-Zabbix web-based data submission tool is related to maximum CPU utilization. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending a custom request containing a regular expression...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the processing of malicious JSON payloads in the request handling process. An attacker can exhaust system memory and CPU resources by sending specially crafted JSON objects that, when deserialized, consume...
Improper Resource Shutdown or Release
Overview: Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
ChuanhuChatGPT resource management error vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a denial of service vulnerability that stems from the use of an insecure regular expression. An attacker can...
bind9: Parsing large DNS messages may cause excessive CPU load
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...
Znuny security vulnerability
Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny versions 6.5.1 through 6.5.10, 7.0.1 through 7.0.16, and 6.0 that originates from a denial-of-service/ReDoS attack via email: parsing of email content can result in high CPU usage and block the parsin...
AZL-50019 CVE-2024-47554 affecting package apache-commons-io for versions less than 2.14.0-1
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...
AZL-49024 CVE-2024-23184 affecting package dovecot 2.3.20-1
Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
sigstore-go security vulnerability
sigstore-go is a client library for Sigstore from the open-source Sigstore project. A security vulnerability exists in sigstore-go versions prior to 0.6.1, which stems from the processing of maliciously constructed Sigstore Bundles containing large amounts of verifiable data that can lead to excessive CPU...
Python security vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python has a security vulnerability that stems from the parser's use of algorithms with quadratic complexity,...
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...