53 matches found
Arbitrary inputs are included in errors without any escaping in net/textproto
...
BIT-GOLANG-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
SUSE CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
EUVD-2026-34040
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
UBUNTU-CVE-2026-42507
When returning errors, functions in the net/textproto package would in...
Linux Distros Unpatched Vulnerability : CVE-2026-42507
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading...
CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
DEBIAN-CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507
CVE-2026-42507 affects the Go net/textproto package. The root issue is that error returns include user-controlled input as part of the error string, which could allow an attacker to inject misleading content into errors that are printed or logged. The connected sources confirm this behavior acros...
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
Improper Output Neutralization for Logs
Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Go Vulnerability Report: When returning errors, functions in the net/textproto package would include its input as part of the...
GO-2026-5039 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
PT-2026-45875
Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description Functions within the net/textproto package include input as part of the error when returning errors. This behavior allows an attacker to inject misleading content into errors that are subsequently...
OPENSUSE-SU-2025:20158-1 Security update for go1.24
This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...
SUSE-SU-2025:21192-1 Security update for go1.25
This update for go1.25 fixes the following issues: Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation bsc1254431. - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't...
Excessive CPU consumption in Reader.ReadResponse in net/textproto
...
CVE-2025-61724
CVE-2025-61724 is addressed in IBM security bulletins for IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers. The vulnerability stems from the Reader.ReadResponse function, which builds a response by repeatedly concatenating strings; when responses contain many ...