171 matches found
Amazon Linux 2023 : golist (ALAS2023-2026-1874)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1874 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1878)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1878 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...
Amazon Linux 2023 : golang-github-burntsushi-toml, golang-github-burntsushi-toml-devel (ALAS2023-2026-1877)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1877 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...
Amazon Linux 2023 : compat-golang-github-cpuguy83-md2man-2-devel, golang-github-cpuguy83-md2man, golang-github-cpuguy83-md2man-devel (ALAS2023-2026-1875)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1875 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...
Amazon Linux 2 : golang, --advisory ALAS2-2026-3383 (ALAS-2026-3383)
The version of golang installed on the remote host is prior to 1.25.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3383 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...
Amazon Linux 2 : golist, --advisory ALAS2-2026-3382 (ALAS-2026-3382)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3382 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...
OPENSUSE-SU-2026:20976-1 Security update for go1.26
This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...
CLEANSTART-2026-KV53168 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU
Security vulnerability affects the kyverno-policy-reporter-kyverno-plugin package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
SUSE-SU-2026:2327-1 Security update for go1.26
This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...
Security update for go1.25
This update for go1.25 fixes the following issues Update to go1.25.11 bsc1244485: CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. CVE-2026-42507: net/textproto: arbitrary input are...
SUSE-SU-2026:2326-1 Security update for go1.25
This update for go1.25 fixes the following issues Update to go1.25.11 bsc1244485: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...
SUSE CVE-2026-42504
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
Golang 1.25.x < 1.25.11 / 1.26.x < 1.26.4 Multiple Vulnerabilities
The version of Golang running on the remote host is 1.25.x prior to 1.25.11, or 1.26.x prior to 1.26.4. It is, therefore, affected by multiple vulnerabilities: - x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caus...
EUVD-2026-34039
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
Linux Distros Unpatched Vulnerability : CVE-2026-42504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. CVE-2026-42504 Note that Nessus relies on the presen...
CVE-2026-42504
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
DEBIAN-CVE-2026-42504
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
UBUNTU-CVE-2026-42504
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
CVE-2026-42504
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...