SUSE CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

DEBIAN-CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CLEANSTART-2026-ER42900 ParseAddress function constructs domain-literal address components through repeated string concatenation

Multiple security vulnerabilities affect the external-dns-fips package. The ParseAddress function constructs domain-literal address components through repeated string concatenation. See references for individual vulnerability details...

openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988887)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988887 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null...

MGASA-2025-0256 Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

EUVD-2025-36739

The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

AZL-69290 CVE-2025-61725 affecting package golang 1.26.0-1

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

UBUNTU-CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

Allocation of Resources Without Limits or Throttling

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report:The ParseAddress function constructs domain-literal address components through repeated string...

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2021-43784 DESCRIPTION: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...

Linux Distros Unpatched Vulnerability : CVE-2021-47257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr...

BIT-LIBPHP-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filtervar$url, FILTERVALIDATEURL, PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

OESA-2024-1432 golang security update

The Go Programming Language. Security Fixes: The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...