Lucene search
K

164 matches found

EUVD
EUVD
added 2025/12/12 5:49 a.m.8 views

EUVD-2025-203031

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.2AI score0.00403EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/11 4:50 a.m.4 views

CVE-2025-61729

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.8AI score0.00459EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.4 views

TencentOS Server 4: golang (TSSA-2025:0940)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0940 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.3CVSS7.6AI score0.00526EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/05 12:24 a.m.7 views

SUSE CVE-2025-61729

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.9AI score0.00459EPSS
Exploits2References43
OSV
OSV
added 2025/12/04 11:41 a.m.9 views

BIT-GOLANG-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.5 views

FreeBSD : go -- excessive resource consumption (245bd19f-d035-11f0-84e9-c7a56e37e3f0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 245bd19f-d035-11f0-84e9-c7a56e37e3f0 advisory. The Go project reports: Within HostnameError.Error, when constructing an error string, there is no limi...

7.5CVSS7.6AI score0.00459EPSS
Exploits2References3
OSV
OSV
added 2025/12/02 7:15 p.m.8 views

AZL-71255 CVE-2025-61729 affecting package golang 1.26.0-1

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.6AI score0.00459EPSS
Exploits2References1
OSV
OSV
added 2025/12/02 7:15 p.m.9 views

AZL-78931 CVE-2025-61729 affecting package golang 1.25.7-1

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.6AI score0.00459EPSS
Exploits2References1
OSV
OSV
added 2025/12/02 7:15 p.m.8 views

AZL-71305 CVE-2025-61729 affecting package msft-golang 1.24.13-1

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References1
NVD
NVD
added 2025/12/02 7:15 p.m.12 views

CVE-2025-61729

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS0.00459EPSS
Exploits2References4
OSV
OSV
added 2025/12/02 7:15 p.m.6 views

UBUNTU-CVE-2025-61729

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References8
Vulnrichment
Vulnrichment
added 2025/12/02 6:54 p.m.2 views

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

6.4AI score0.00459EPSS
Exploits2References4
OSV
OSV
added 2025/12/02 6:54 p.m.3 views

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS7.2AI score0.00459EPSS
Exploits2References7
CVE
CVE
added 2025/12/02 6:54 p.m.320 views

CVE-2025-61729

CVE-2025-61729 is a DoS in Go components exposed by crafted certificates, tied to excessive resource consumption from unbounded error string construction (HostnameError.Error) and related quadratic runtime. Multiple advisories (ALSA and container tooling) reference this CVE as a security fix targ...

7.5CVSS6.4AI score0.00459EPSS
Exploits2References4Affected Software1
FreeBSD
FreeBSD
added 2025/12/02 12:0 a.m.8 views

go -- excessive resource consumption

The Go project reports: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided ...

7.5CVSS6.6AI score0.00459EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48769

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.25.5 Description The software contains a flaw in the error handling mechanism within the HostnameError.Error function. Specifically, there is no restriction on the number of hosts printed when constructing an error strin...

9.8CVSS6.4AI score0.00459EPSS
Exploits2
Cvelist
Cvelist
added 2025/11/26 12:48 a.m.8 views

CVE-2025-66260 PostgreSQL SQL Injection (status_sql.php)

PostgreSQL SQL Injection statussql.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in statussql.php. The statussql.php endpoint constructs...

7.2CVSS0.00268EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/08 10:57 p.m.5 views

CVE-2025-61724

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

5.3CVSS6.9AI score0.00526EPSS
Exploits0References7
OSV
OSV
added 2025/11/06 12:58 p.m.3 views

BIT-GOLANG-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

7.5CVSS8.5AI score0.00613EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/30 11:26 p.m.4 views

CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. Mitigation Mitigation for this issue is either not available or the currently available options do...

7.5CVSS8.1AI score0.00613EPSS
Exploits0References7
Rows per page
Query Builder