CVE-2025-61729

EUVD-2025-200318
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
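An added example (not code from the Go standard library or from this advisory) of how a caller can report a hostname mismatch without invoking `HostnameError.Error()` on an untrusted certificate: names are appended in linear time and capped. The function names, the cap of 5 and the sample host names are assumptions made for illustration.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"strings"
)

// maxNamesLogged is an assumed cap chosen for this example.
const maxNamesLogged = 5

// boundedHostnameError formats a hostname mismatch without calling
// HostnameError.Error(), so the cost does not grow with the number of
// names in an untrusted certificate. Names are appended with a
// strings.Builder (linear time) and truncated after maxNames.
func boundedHostnameError(err error, maxNames int) string {
	var he x509.HostnameError
	if !errors.As(err, &he) || he.Certificate == nil {
		return "certificate verification failed" // other error types are out of scope here
	}
	names := he.Certificate.DNSNames
	shown := names
	if len(shown) > maxNames {
		shown = shown[:maxNames]
	}
	var b strings.Builder
	fmt.Fprintf(&b, "x509: certificate is not valid for %q; names: ", he.Host)
	for i, n := range shown {
		if i > 0 {
			b.WriteString(", ")
		}
		b.WriteString(n)
	}
	if omitted := len(names) - len(shown); omitted > 0 {
		fmt.Fprintf(&b, " (and %d more)", omitted)
	}
	return b.String()
}

// constructedError builds a HostnameError carrying n DNS names (constructed sample data).
func constructedError(n int) error {
	names := make([]string, n)
	for i := range names {
		names[i] = fmt.Sprintf("h%d.example.test", i)
	}
	return x509.HostnameError{Certificate: &x509.Certificate{DNSNames: names}, Host: "victim.example.test"}
}

func main() {
	fmt.Println(boundedHostnameError(constructedError(100000), maxNamesLogged))
}
```

The output length depends only on the cap, not on how many names the certificate carries.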
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

EPSS percentile: 5%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| golang | go | 𝑥 < 1.24.11 |
| golang | go | 1.25.0 ≤ 𝑥 < 1.25.5 |

𝑥 = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| golang-1.15 | bullseye | | postponed |
| golang-1.19 | bookworm | | no-dsa |
| golang-1.24 | trixie | | no-dsa |
| golang-1.25 | forky | 1.25.10-2 | fixed |
| golang-1.25 | sid | 1.25.11-1 | fixed |
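Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| golang-1.24 | jammy | needs-triage |
| golang-1.24 | noble | needs-triage |
| golang-1.24 | plucky | ignored |
| golang-1.24 | questing | needs-triage |
| golang-1.24 | resolute | needs-triage |
| golang-1.25 | jammy | dne |
| golang-1.25 | noble | dne |
| golang-1.25 | plucky | dne |
| golang-1.25 | questing | needs-triage |
| golang-1.25 | resolute | needs-triage |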
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| buildah | RHEL 9 | 2:1.41.8-2.el9_7 | fixed |
| buildah-tests | RHEL 9 | 2:1.41.8-2.el9_7 | fixed |
| containernetworking-plugins | RHEL 9 | 1:1.7.1-3.el9_7 | fixed |
| git-lfs | RHEL 9 | 0:3.6.1-7.el9_7 | fixed |
| go-toolset | RHEL 9 | 0:1.25.5-2.el9_7 | fixed |
| golang | RHEL 9 | 0:1.25.5-2.el9_7 | fixed |
| golang-bin | RHEL 9 | 0:1.25.5-2.el9_7 | fixed |
| golang-docs | RHEL 9 | 0:1.25.5-2.el9_7 | fixed |
| golang-misc | RHEL 9 | 0:1.25.5-2.el9_7 | fixed |
| golang-race | RHEL 9 | 0:1.25.5-2.el9_7 | fixed |
| golang-src | RHEL 9 | 0:1.25.5-2.el9_7 | fixed |
| golang-tests | RHEL 9 | 0:1.25.5-2.el9_7 | fixed |
| grafana | RHEL 8 | 0:9.2.10-27.el8_10 | fixed |
| grafana | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana | RHEL 9 | 0:10.2.6-18.el9_7 | fixed |
| grafana-azure-monitor | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-cloudwatch | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-elasticsearch | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-graphite | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-influxdb | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-loki | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-mssql | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-mysql | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-opentsdb | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-pcp | RHEL 9 | 0:5.1.1-12.el9_7 | fixed |
| grafana-postgres | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-prometheus | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| grafana-selinux | RHEL 8 | 0:9.2.10-27.el8_10 | fixed |
| grafana-selinux | RHEL 9 | 0:10.2.6-18.el9_7 | fixed |
| grafana-stackdriver | RHEL 8.2 AUS | 0:6.3.6-10.el8_2 | fixed |
| image-builder | RHEL 9 | 0:31-3.el9_7 | fixed |
| opentelemetry-collector | RHEL 9 | 0:0.135.0-3.el9_7 | fixed |
| osbuild-composer | RHEL 8 | 0:101.4-3.el8_10 | fixed |
| osbuild-composer | RHEL 8.4 AUS | 0:28.7-5.el8_4 | fixed |
| osbuild-composer | RHEL 8.6 AUS | 0:46.3-6.el8_6 | fixed |
| osbuild-composer | RHEL 8.6 E4S | 0:46.3-6.el8_6 | fixed |
| osbuild-composer | RHEL 8.6 TUS | 0:46.3-6.el8_6 | fixed |
| osbuild-composer | RHEL 8.8 E4S | 0:75-7.el8_8 | fixed |
| osbuild-composer | RHEL 8.8 TUS | 0:75-7.el8_8 | fixed |
| osbuild-composer | RHEL 9 | 0:149-4.el9_7 | fixed |
| osbuild-composer-core | RHEL 8 | 0:101.4-3.el8_10 | fixed |
| osbuild-composer-core | RHEL 8.4 AUS | 0:28.7-5.el8_4 | fixed |
| osbuild-composer-core | RHEL 8.6 AUS | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-core | RHEL 8.6 E4S | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-core | RHEL 8.6 TUS | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-core | RHEL 8.8 E4S | 0:75-7.el8_8 | fixed |
| osbuild-composer-core | RHEL 8.8 TUS | 0:75-7.el8_8 | fixed |
| osbuild-composer-core | RHEL 9 | 0:149-4.el9_7 | fixed |
| osbuild-composer-dnf-json | RHEL 8.6 AUS | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-dnf-json | RHEL 8.6 E4S | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-dnf-json | RHEL 8.6 TUS | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-dnf-json | RHEL 8.8 E4S | 0:75-7.el8_8 | fixed |
| osbuild-composer-dnf-json | RHEL 8.8 TUS | 0:75-7.el8_8 | fixed |
| osbuild-composer-worker | RHEL 8 | 0:101.4-3.el8_10 | fixed |
| osbuild-composer-worker | RHEL 8.4 AUS | 0:28.7-5.el8_4 | fixed |
| osbuild-composer-worker | RHEL 8.6 AUS | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-worker | RHEL 8.6 E4S | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-worker | RHEL 8.6 TUS | 0:46.3-6.el8_6 | fixed |
| osbuild-composer-worker | RHEL 8.8 E4S | 0:75-7.el8_8 | fixed |
| osbuild-composer-worker | RHEL 8.8 TUS | 0:75-7.el8_8 | fixed |
| osbuild-composer-worker | RHEL 9 | 0:149-4.el9_7 | fixed |
| podman | RHEL 9 | 6:5.6.0-14.el9_7 | fixed |
| podman-docker | RHEL 9 | 6:5.6.0-14.el9_7 | fixed |
| podman-plugins | RHEL 9 | 6:5.6.0-14.el9_7 | fixed |
| podman-remote | RHEL 9 | 6:5.6.0-14.el9_7 | fixed |
| podman-tests | RHEL 9 | 6:5.6.0-14.el9_7 | fixed |
| rhc | RHEL 9 | 1:0.2.7-2.el9_7 | fixed |
| rhc-devel | RHEL 9 | 1:0.2.7-2.el9_7 | fixed |
| runc | RHEL 9 | 4:1.4.0-2.el9_7 | fixed |
| skopeo | RHEL 9 | 2:1.20.0-3.el9_7 | fixed |
| skopeo-tests | RHEL 9 | 2:1.20.0-3.el9_7 | fixed |