Lucene search
+L

31 matches found

OSV
OSV
added 2026/06/10 1:3 a.m.8 views

CLEANSTART-2026-GZ11549 Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations

Multiple security vulnerabilities affect the certificate-transparency-trillian-ctserver package. Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01945EPSS
Exploits4References91
RedHat Linux
RedHat Linux
added 2026/06/04 12:43 p.m.4 views

net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

A flaw was found in the net/mail package of the Go programming language. An attacker could provide specially crafted inputs to the ParseAddress, ParseAddressList, or ParseDate functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service DoS for...

7.5CVSS6.9AI score0.00784EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.14 views

SUSE CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.8AI score0.00784EPSS
Exploits0References16
OSV
OSV
added 2026/05/07 8:16 p.m.5 views

DEBIAN-CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.8AI score0.00784EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 8:16 p.m.18 views

CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS0.00784EPSS
Exploits0References22
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.11 views

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

5.8AI score0.00784EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 7:41 p.m.2 views

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.9AI score0.00784EPSS
Exploits0References25
Snyk
Snyk
added 2026/04/14 11:27 p.m.12 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.8 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
OSV
OSV
added 2026/01/30 3:41 p.m.8 views

CLEANSTART-2026-ER42900 ParseAddress function constructs domain-literal address components through repeated string concatenation

Multiple security vulnerabilities affect the external-dns-fips package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00626EPSS
Exploits2References29
Tenable Nessus
Tenable Nessus
added 2025/12/15 12:0 a.m.6 views

openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...

7.5CVSS7.8AI score0.00626EPSS
Exploits2References45
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988887)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988887 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null...

5.5CVSS6.1AI score0.00226EPSS
Exploits0References4
OSV
OSV
added 2025/11/04 4:13 p.m.9 views

MGASA-2025-0256 Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

7.5CVSS6.6AI score0.00626EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/30 12:31 a.m.6 views

EUVD-2025-36739

The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

7.5CVSS6.4AI score0.00613EPSS
Exploits0References5
NVD
NVD
added 2025/10/29 11:16 p.m.13 views

CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

7.5CVSS0.00613EPSS
Exploits0References5
OSV
OSV
added 2025/10/29 11:16 p.m.5 views

AZL-69290 CVE-2025-61725 affecting package golang 1.26.0-1

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

7.5CVSS6.7AI score0.00613EPSS
Exploits0References1
OSV
OSV
added 2025/10/29 11:16 p.m.9 views

UBUNTU-CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

7.5CVSS6.7AI score0.00613EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/29 10:10 p.m.13 views

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

0.00613EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/29 9:48 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report:The ParseAddress function constructs domain-literal address components through repeated string...

8.7CVSS6.9AI score0.00613EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 4:59 p.m.13 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2021-43784 DESCRIPTION: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...

7.5CVSS8.1AI score0.03514EPSS
Exploits2Affected Software1
Rows per page
Query Builder