4 matches found
BIT-GOLANG-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...
CVE-2026-42499
CVE-2026-42499 affects the net/mail package’s consumePhrase routine, where pathological inputs can trigger DoS due to quadratic string concatenation when parsing RFC 5322 email addresses. This is documented across multiple feeds (NVD, CVE list, Debian, CIRCL, OSV GO-2026-4977, vulnrichment), indi...