OESA-2025-2825

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2825
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2825.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-2825
Upstream
Published
2025-12-12T12:20:39Z
Modified
2025-12-12T12:44:50.613526Z
Summary
golang security update
Details

Security Fix(es):

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. (CVE-2025-61729)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP3 / golang

Package

Name
golang
Purl
pkg:rpm/openEuler/golang&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17.3-46.oe2203sp3

Ecosystem specific

{
    "noarch": [
        "golang-devel-1.17.3-46.oe2203sp3.noarch.rpm",
        "golang-help-1.17.3-46.oe2203sp3.noarch.rpm"
    ],
    "src": [
        "golang-1.17.3-46.oe2203sp3.src.rpm"
    ],
    "aarch64": [
        "golang-1.17.3-46.oe2203sp3.aarch64.rpm"
    ],
    "x86_64": [
        "golang-1.17.3-46.oe2203sp3.x86_64.rpm"
    ]
}