
13 matches found

IBM Security Bulletins
added 2026/01/30 2:12 p.m.; 7 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to service disruption due to memory exhaustion vulnerability in expression parser

Summary: Potential vulnerabilities in the github.com/Expr-lang/expr module (CVE-2025-29786) have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2025-29786. DESCRIPTION: Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...

CVSS: 7.5; AI score: 5.8; EPSS: 0.00095
Exploits: 0; Affected Software: 1
Rockylinux
added 2025/10/03 7:56 p.m.; 3 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...

CVSS: 8.7; AI score: 8.1; EPSS: 0.00125
Exploits: 0
IBM Security Bulletins
added 2025/06/13 10:18 a.m.; 12 views

Security Bulletin: The Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression, affects watsonx.data

Summary: In scenarios where input size isn't limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to excessive memory usage and an Out-Of-Memory (OOM) crash of the process. This issue is relatively uncomm...

CVSS: 7.5; AI score: 7.4; EPSS: 0.00095
Exploits: 0; Affected Software: 1
RedHat Linux
added 2025/05/13 1:53 p.m.; 4 views

github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory (OOM) crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree (AST), consuming excessive memo...

CVSS: 7.5; AI score: 5.8; EPSS: 0.00095
Exploits: 0; References: 6
Amazon
added 2025/05/13 12:0 a.m.; 6 views

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS: 9.1; AI score: 6.8; EPSS: 0.00294
Exploits: 0
RedHat Linux
added 2025/04/03 1:38 p.m.; 3 views

github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory (OOM) crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree (AST), consuming excessive memo...

CVSS: 7.5; AI score: 5.8; EPSS: 0.00095
Exploits: 0; References: 6
RedHat Linux
added 2025/03/27 3:0 p.m.; 5 views

github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory (OOM) crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree (AST), consuming excessive memo...

CVSS: 7.5; AI score: 5.8; EPSS: 0.00095
Exploits: 0; References: 6
Veracode
added 2025/03/21 9:11 a.m.; 2 views

Denial Of Service

github.com/expr-lang/expr is vulnerable to Denial of Service. The vulnerability is due to the absence of input size restrictions, allowing the parser to process arbitrarily large expressions...

CVSS: 7.5; AI score: 6.6; EPSS: 0.00095
Exploits: 0; References: 4; Affected Software: 1
OSV
added 2025/03/18 4:33 p.m.; 7 views

GO-2025-3525 Memory Exhaustion in Expr Parser with Unrestricted Input in github.com/expr-lang/expr

Memory Exhaustion in Expr Parser with Unrestricted Input in github.com/expr-lang/expr...

CVSS: 7.5; AI score: 6.8; EPSS: 0.00095
Exploits: 0; References: 3
Github Security Blog
added 2025/03/17 9:26 p.m.; 20 views

Memory Exhaustion in Expr Parser with Unrestricted Input

Impact: If the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression c...

CVSS: 7.5; AI score: 6.6; EPSS: 0.00095
Exploits: 0; References: 5; Affected Software: 1
OSV
added 2025/03/17 2:15 p.m.; 0 views

AZL-58861 CVE-2025-29786 affecting package keda for versions less than 2.14.1-5

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...

CVSS: 7.5; AI score: 7; EPSS: 0.00095
Exploits: 0; References: 1
Cvelist
added 2025/03/17 1:15 p.m.; 9 views

CVE-2025-29786 Memory Exhaustion in Expr Parser with Unrestricted Input

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...

CVSS: 7.5; EPSS: 0.00095
Exploits: 0; References: 3
Vulnrichment
added 2025/03/17 1:15 p.m.; 8 views

CVE-2025-29786 Memory Exhaustion in Expr Parser with Unrestricted Input

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...

CVSS: 7.5; AI score: 7.4; EPSS: 0.00095
Exploits: 0; References: 3