Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

INFO

Published Date :

2025-12-02T18:54:10.166Z

Last Modified :

2025-12-03T19:37:14.903Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61729 vulnerability.

Vendors Products
Go Standard Library
  • Crypto Tls
Golang
  • Go
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61729.

URL Resource
https://go.dev/cl/725920 cve-icon cve-icon cve-icon
https://go.dev/issue/76445 cve-icon cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-61729 cve-icon
https://pkg.go.dev/vuln/GO-2025-4155 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-61729 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact