Lucene search
K

71 matches found

NVD
NVD
added 2026/06/02 11:16 p.m.20 views

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS0.0037EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 11:16 p.m.7 views

DEBIAN-CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 11:16 p.m.6 views

UBUNTU-CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS5.3AI score0.0037EPSS
Exploits0References5
CVE
CVE
added 2026/06/02 10:1 p.m.76 views

CVE-2026-42507

CVE-2026-42507 affects the Go net/textproto package. The root issue is that error returns include user-controlled input as part of the error string, which could allow an attacker to inject misleading content into errors that are printed or logged. The connected sources confirm this behavior acros...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/02 10:1 p.m.8 views

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS5.8AI score0.0037EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/02 10:1 p.m.33 views

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

0.0037EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:1 p.m.10 views

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.8AI score0.0037EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 10:1 p.m.7 views

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.8AI score0.0037EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/02 10:1 p.m.4 views

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS5.8AI score0.0037EPSS
Exploits0
Snyk
Snyk
added 2026/06/02 9:39 p.m.7 views

Improper Output Neutralization for Logs

Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Go Vulnerability Report: When returning errors, functions in the net/textproto package would include its input as part of the...

6.9CVSS5.5AI score0.0037EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 9:39 p.m.9 views

GO-2026-5039 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45875

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description Functions within the net/textproto package include input as part of the error when returning errors. This behavior allows an attacker to inject misleading content into errors that are subsequently...

9.8CVSS5.8AI score0.0037EPSS
Exploits0
OSV
OSV
added 2025/12/12 7:45 a.m.7 views

OPENSUSE-SU-2025:20158-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...

7.5CVSS5.8AI score0.00626EPSS
Exploits2References29
OSV
OSV
added 2025/12/12 7:24 a.m.2 views

SUSE-SU-2025:21192-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation bsc1254431. - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't...

7.5CVSS7.2AI score0.00626EPSS
Exploits2References33
Microsoft CVE
Microsoft CVE
added 2025/10/31 1:7 a.m.5 views

Excessive CPU consumption in Reader.ReadResponse in net/textproto

...

5.3CVSS7AI score0.00526EPSS
Exploits0
CVE
CVE
added 2025/10/29 10:10 p.m.42 views

CVE-2025-61724

CVE-2025-61724 is addressed in IBM security bulletins for IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers. The vulnerability stems from the Reader.ReadResponse function, which builds a response by repeatedly concatenating strings; when responses contain many ...

5.3CVSS6.5AI score0.00526EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/10/29 10:10 p.m.9 views

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

0.00526EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/10/29 10:10 p.m.2 views

CVE-2025-61724

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

5.3CVSS8.1AI score0.00526EPSS
Exploits0
Snyk
Snyk
added 2025/10/29 9:51 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report:The Reader.ReadResponse function constructs a response string through repeated string...

6.9CVSS6.9AI score0.00526EPSS
Exploits0References3
OSV
OSV
added 2025/10/29 9:51 p.m.8 views

GO-2025-4015 Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

5.3CVSS6.5AI score0.00526EPSS
Exploits0References3
Rows per page
Query Builder