4 matches found
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
CVE-2026-33811 Crash when handling long CNAME response in net
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...
CVE-2026-33811 Crash when handling long CNAME response in net
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...
CVE-2026-33811
The CVE-2026-33811 entry describes a crash in the Go ecosystem when using LookupCNAME with the cgo DNS resolver: very long CNAME responses can trigger a double-free of C memory, leading to a crash. Affected item: Go net/cgo DNS resolver (LookupCNAME path). Root cause: memory management error (dou...