CVE-2025-61729
published 2025-12-02

Priority: P3 · 38 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.45% (35.9th percentile)

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected

31 ranges · showing 25

Vendor | Product | Version range | Fixed in
debian | golang-1.15 | < golang-1.24 1.24.12-1 (forky) | golang-1.24 1.24.12-1 (forky)
debian | golang-1.19 | < golang-1.24 1.24.12-1 (forky) | golang-1.24 1.24.12-1 (forky)
debian | golang-1.24 | < golang-1.24 1.24.12-1 (forky) | golang-1.24 1.24.12-1 (forky)
debian | golang-1.25 | < golang-1.24 1.24.12-1 (forky) | golang-1.24 1.24.12-1 (forky)
github.com | open-feature_flagd_core | >= 0 < 0.13.1 | 0.13.1
github.com | open-feature_flagd_flagd | >= 0 < 0.13.1 | 0.13.1
github.com | open-feature_flagd_flagd-proxy | >= 0 < 0.8.2 | 0.8.2
go_standard_library | crypto_x509 | < 1.24.11 | 1.24.11
go_standard_library | crypto_x509 | >= 1.25.0 < 1.25.5 | 1.25.5
golang | go | < 1.24.11 | 1.24.11
golang | go | >= 1.25.0 < 1.25.5 | 1.25.5
msrc | azl3_gcc_13.2.0-7 | |
msrc | azl3_golang_1.23.12-1 | |
msrc | azl3_golang_1.25.3-1 | |
msrc | azl3_golang_1.25.5-1 | |
msrc | azl3_golang_1.25.6-1 | |
msrc | azl3_golang_1.25.7-1 | |
msrc | azl3_golang_1.25.8-1 | |
msrc | azl3_golang_1.26.0-1 | |
msrc | azl3_python-tensorboard_2.16.2-6 | |
msrc | azl3_tensorflow_2.16.1-9 | |
msrc | cbl2_gcc_11.2.0-8 | |
msrc | cbl2_gcc_11.2.0-9 | |
msrc | cbl2_golang_1.18.8-10 | |
msrc | cbl2_golang_1.22.7-5 | |

CVSS provenance

nvd (v3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa: 7.0 HIGH
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH
vendor_msrc: 7.5 HIGH
vendor_redhat: 7.5 HIGH