59 matches found
CVE-2026-42507
CVE-2026-42507 affects the Go net/textproto package. The root issue is that error returns include user-controlled input as part of the error string, which could allow an attacker to inject misleading content into errors that are printed or logged. The connected sources confirm this behavior acros...
CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
Improper Output Neutralization for Logs
Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Go Vulnerability Report: When returning errors, functions in the net/textproto package would include its input as part of the...
GO-2026-5039 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
PT-2026-45875
Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description Functions within the net/textproto package include input as part of the error when returning errors. This behavior allows an attacker to inject misleading content into errors that are subsequently...
net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
Excessive CPU consumption in Reader.ReadResponse in net/textproto
...
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
CVE-2025-61724
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
GO-2025-4015 Excessive CPU consumption in Reader.ReadResponse in net/textproto
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
SUSE-SU-2025:3682-1 Security update for go1.24
This update for go1.24 fixes the following issues: go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509,...
Security update for go1.25
This update for go1.25 fixes the following issues: go1.25.2 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the runtime, and the...
Memory exhaustion in multipart form parsing in net/textproto and net/http
...
Excessive memory allocation in net/http and net/textproto
...
RHEL 8 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
RHEL 8 / 9 : Red Hat Service Interconnect 1.4 Release (RHSA-2023:4003)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4003 advisory. As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application...
The vulnerability of the net/textproto package in the Golang programming language, which allows a hacker to trigger a service failure.
The vulnerability of the Golang net/textproto package is related to the large amount of memory allocated during the analysis of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...