CVE-2026-27145

EUVD-2026-34038
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
Red HatRed Hat Enterprise Linux 10
0:0.152.1-1.el10_2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10
0:0.9.27-7.el10_2.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10
1:0.3.8-6.el10_2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10
0:0.4.9.2-1.el10_2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8
8100020260710105056.a3795dee ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9
0:1.26.4-1.el9_8 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9
0:0.152.1-1.el9_8 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9
2:1.22.2-7.el9_8 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9
1:0.2.7-8.el9_8 ≤
𝑥
< *
ADP
Red HatMulticluster Global Hub 1.4.5
1784061472 ≤
𝑥
< *
ADP
Red HatRed Hat Developer Hub 1.9
1782767215 ≤
𝑥
< *
ADP
Red HatRed Hat Hardened Images
1.25.11-2.hum1 ≤
𝑥
< *
ADP
Red HatRed Hat Hardened Images
1.26.4-2.hum1 ≤
𝑥
< *
ADP
Red HatRed Hat OpenShift Builds 1.7.4
1783057868 ≤
𝑥
< *
ADP
Red HatRed Hat OpenShift Builds 1.8.1
1784121108 ≤
𝑥
< *
ADP
Red HatRed Hat OpenShift Builds 1.8.1
1783612119 ≤
𝑥
< *
ADP
Red HatRed Hat Trusted Artifact Signer 1.4
4-1.4.2 ≤
𝑥
< *
ADP
Debian logo
Debian Releases
Debian Product
Codename
golang-1.15
bullseye
postponed
golang-1.19
bookworm
no-dsa
golang-1.24
trixie
no-dsa
golang-1.25
forky
1.25.12-1
fixed
sid
1.25.12-1
fixed
golang-1.26
forky
1.26.5-1
fixed
sid
1.26.5-1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
go-toolset
RHEL 9
0:1.26.4-1.el9_8
fixed
golang
RHEL 9
0:1.26.4-1.el9_8
fixed
golang-bin
RHEL 9
0:1.26.4-1.el9_8
fixed
golang-docs
RHEL 9
0:1.26.4-1.el9_8
fixed
golang-misc
RHEL 9
0:1.26.4-1.el9_8
fixed
golang-race
RHEL 9
0:1.26.4-1.el9_8
fixed
golang-src
RHEL 9
0:1.26.4-1.el9_8
fixed
golang-tests
RHEL 9
0:1.26.4-1.el9_8
fixed
opentelemetry-collector
RHEL 9
0:0.152.1-1.el9_8
fixed
rhc
RHEL 9
1:0.2.7-8.el9_8
fixed
rhc-devel
RHEL 9
1:0.2.7-8.el9_8
fixed
skopeo
RHEL 9
2:1.22.2-7.el9_8
fixed
skopeo-tests
RHEL 9
2:1.22.2-7.el9_8
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
compat-golang-github-cpuguy83-md2man-2-devel
Amazon Linux 2023
0:2.0.2-24.amzn2023.0.8
fixed
containerd
Amazon Linux 2023
0:2.2.5-1.amzn2023.0.1
fixed
containerd-debuginfo
Amazon Linux 2023
0:2.2.5-1.amzn2023.0.1
fixed
containerd-debugsource
Amazon Linux 2023
0:2.2.5-1.amzn2023.0.1
fixed
containerd-stress
Amazon Linux 2023
0:2.2.5-1.amzn2023.0.1
fixed
containerd-stress-debuginfo
Amazon Linux 2023
0:2.2.5-1.amzn2023.0.1
fixed
credentials-fetcher
Amazon Linux 2023
0:2.0.3-1.amzn2023.0.1
fixed
docker
Amazon Linux 2023
0:25.0.16-1.amzn2023.0.3
fixed
docker-debuginfo
Amazon Linux 2023
0:25.0.16-1.amzn2023.0.3
fixed
docker-debugsource
Amazon Linux 2023
0:25.0.16-1.amzn2023.0.3
fixed
ecs-init
Amazon Linux 2023
0:1.105.0-1.amzn2023
fixed
golang
Amazon Linux 2
0:1.25.11-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.25.11-1.amzn2023.0.1
fixed
golang-bin
Amazon Linux 2
0:1.25.11-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.25.11-1.amzn2023.0.1
fixed
golang-docs
Amazon Linux 2
0:1.25.11-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.25.11-1.amzn2023.0.1
fixed
golang-github-burntsushi-toml
Amazon Linux 2023
0:1.5.0-1.amzn2023.0.2
fixed
golang-github-burntsushi-toml-debuginfo
Amazon Linux 2023
0:1.5.0-1.amzn2023.0.2
fixed
golang-github-burntsushi-toml-debugsource
Amazon Linux 2023
0:1.5.0-1.amzn2023.0.2
fixed
golang-github-burntsushi-toml-devel
Amazon Linux 2023
0:1.5.0-1.amzn2023.0.2
fixed
golang-github-burntsushi-toml-test
Amazon Linux 2023
0:0.2.0-8.amzn2023.0.4
fixed
golang-github-burntsushi-toml-test-debuginfo
Amazon Linux 2023
0:0.2.0-8.amzn2023.0.4
fixed
golang-github-burntsushi-toml-test-debugsource
Amazon Linux 2023
0:0.2.0-8.amzn2023.0.4
fixed
golang-github-burntsushi-toml-test-devel
Amazon Linux 2023
0:0.2.0-8.amzn2023.0.4
fixed
golang-github-cpuguy83-md2man
Amazon Linux 2023
0:2.0.2-24.amzn2023.0.8
fixed
golang-github-cpuguy83-md2man-debuginfo
Amazon Linux 2023
0:2.0.2-24.amzn2023.0.8
fixed
golang-github-cpuguy83-md2man-debugsource
Amazon Linux 2023
0:2.0.2-24.amzn2023.0.8
fixed
golang-github-cpuguy83-md2man-devel
Amazon Linux 2023
0:2.0.2-24.amzn2023.0.8
fixed
golang-misc
Amazon Linux 2
0:1.25.11-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.25.11-1.amzn2023.0.1
fixed
golang-shared
Amazon Linux 2
0:1.25.11-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.25.11-1.amzn2023.0.1
fixed
golang-src
Amazon Linux 2
0:1.25.11-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.25.11-1.amzn2023.0.1
fixed
golang-tests
Amazon Linux 2
0:1.25.11-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.25.11-1.amzn2023.0.1
fixed
golist
Amazon Linux 2
0:0.10.1-10.amzn2.0.14
fixed
Amazon Linux 2023
0:0.10.4-12.amzn2023.0.10
fixed
golist-debuginfo
Amazon Linux 2
0:0.10.1-10.amzn2.0.14
fixed
Amazon Linux 2023
0:0.10.4-12.amzn2023.0.10
fixed
golist-debugsource
Amazon Linux 2023
0:0.10.4-12.amzn2023.0.10
fixed
nerdctl
Amazon Linux 2
0:2.2.2-1.amzn2.0.4
fixed
Amazon Linux 2023
0:2.2.2-1.amzn2023.0.4
fixed
nerdctl-debuginfo
Amazon Linux 2
0:2.2.2-1.amzn2.0.4
fixed
soci-snapshotter
Amazon Linux 2023
0:0.14.1-1.amzn2023.0.1
fixed