CVEFinder.io

CVE-2025-61729

⚠️ high
Summary

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

CVSS Score
7.5
High
EPSS Score
0.0
Exploit Probability
Published Date
2025-12-02
First Seen: 2026-01-05
Last Modified 2025-12-19
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-295

🔗 References 4

https://go.dev/cl/725920
Patch
https://go.dev/issue/76445
Issue Tracking Patch
https://groups.google.com/g/golang-announce/c/8FJoBk...
Mailing List Release Notes
https://pkg.go.dev/vuln/GO-2025-4155
Vendor Advisory

📦 Affected Products 2

Vendor Product Status Affected Versions
golang go Affected
< 1.24.11
golang go Affected
≥ 1.25.0 < 1.25.5

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-61726 ⚠️ high 7.5 0.0 The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query p... 2026-01-28
CVE-2025-61728 🔶 medium 6.5 0.0 archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is open... 2026-01-28
CVE-2025-61730 🔶 medium 5.3 0.0 During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instanc... 2026-01-28
CVE-2025-61731 ⚠️ high 7.8 0.0 Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of... 2026-01-28
CVE-2025-68119 ⚠️ high 7.0 0.0 Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercuria... 2026-01-28
CVE-2025-61727 🔶 medium 6.5 0.0 An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certifi... 2025-12-03
These CVEs affect the same products