CVE-2025-61729
Publication date: 2025-12-02
Last updated on: 2025-12-04
Assigner: Go Project
Description
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| golang | go | 1.25.0 |
| golang | go | 1.25.5 |
| golang | go | 1.24.11 |
| golang | go | 1.26 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs within the HostnameError.Error() function, where the error string construction does not limit the number of hosts printed. The string is built using repeated concatenation, causing quadratic runtime. As a result, a malicious certificate can cause excessive resource consumption.
How can this vulnerability impact me?
The vulnerability can lead to excessive resource consumption on the affected system, potentially causing performance degradation or denial of service if a malicious certificate triggers the error string construction.