CVE-2026-27145
published 2026-06-02CVE-2026-27145: (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused…
PriorityP337medium6.5CVSS 3.1
AVNACHPRNUINSUCNILAH
EPSS
0.65%
46.5th percentile
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
Affected
56 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3scale-amp2 | 3scale-rhel7-operator | — | — |
| 3scale-amp2 | 3scale-rhel9-operator | — | — |
| ansible-automation-platform-27 | receptor-rhel9 | — | — |
| cert-manager | jetstack-cert-manager-rhel9 | — | — |
| compliance | openshift-compliance-operator-bundle | — | — |
| compliance | openshift-selinuxd-rhel8 | — | — |
| container-tools_rhel8 | buildah | — | — |
| container-tools_rhel8 | containernetworking-plugins | — | — |
| container-tools_rhel8 | runc | — | — |
| container-tools_rhel8 | skopeo | — | — |
| container-tools_rhel8 | toolbox | — | — |
| devworkspace | devworkspace-rhel9-operator | — | — |
| dvo | deployment-validation-rhel8-operator | — | — |
| external-secrets-operator | external-secrets-rhel9 | — | — |
| go-toolset_rhel8 | golang | — | — |
| go_standard_library | crypto_x509 | < 1.25.11 | 1.25.11 |
| go_standard_library | crypto_x509 | >= 1.26.0-0 < 1.26.4 | 1.26.4 |
| jetbrains | toolbox | — | — |
| kubernetes | cri-o | — | — |
| multiarch-tuning | multiarch-tuning-rhel9-operator | — | — |
| multicluster-globalhub | multicluster-globalhub-agent-rhel9 | — | — |
| network-observability | network-observability-cli-rhel9 | — | — |
| node-healthcheck-operator-tech-preview | node-healthcheck-operator-rhel8 | — | — |
| node-healthcheck-operator-tech-preview | node-healthcheck-rhel8-operator | — | — |
| oadp | oadp-velero-rhel9 | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
crypto-x509 up to 1.25.10/1.26.3 on Go VerifyHostname algorithmic complexity
vuldb·2026-06-03
CVE-2026-27145 [LOW] crypto-x509 up to 1.25.10/1.26.3 on Go VerifyHostname algorithmic complexity
A vulnerability identified as problematic has been detected in crypto-x509 up to 1.25.10/1.26.3 on Go. This vulnerability affects the function VerifyHostname. This manipulation causes inefficient algorithmic complexity.
This vulnerability is handled as CVE-2026-27145. The attack can be initiated remotely. There is not any exploit available.
You should upgrade the affected component.
GHSA
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries.
ghsa_unreviewed·2026-06-03
CVE-2026-27145 (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
Red Hat
crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
vendor_redhat·2026-06-02·CVSS 6.5
CVE-2026-27145 [MEDIUM] CWE-606 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
A flaw was found in the `crypto/x509` package of `golang`. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by presenting a specially crafted X.509 certificate with a l
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-27145 apptainer: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 apptainer: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 apptainer: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 prometheus-podman-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 prometheus-podman-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 prometheus-podman-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate ch
Bugzilla
CVE-2026-27145 toolbox: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 toolbox: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 toolbox: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-evanw-esbuild: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-evanw-esbuild: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-evanw-esbuild: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate cha
Bugzilla
CVE-2026-27145 spoofdpi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 spoofdpi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 spoofdpi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-hexdigest-gowrap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-hexdigest-gowrap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-hexdigest-gowrap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificat
Bugzilla
CVE-2026-27145 golang-github-jmespath: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-jmespath: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-jmespath: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, t
Bugzilla
CVE-2026-27145 golang-github-googleapis-gnostic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-googleapis-gnostic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-googleapis-gnostic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certific
Bugzilla
CVE-2026-27145 toxcore: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 toxcore: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 toxcore: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-uber-athenadriver: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-uber-athenadriver: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-uber-athenadriver: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certifica
Bugzilla
CVE-2026-27145 golang-github-projectdiscovery-mapcidr: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-projectdiscovery-mapcidr: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-projectdiscovery-mapcidr: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the ce
Bugzilla
CVE-2026-27145 golang-mau-util: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-mau-util: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-mau-util: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this o
Bugzilla
CVE-2026-27145 docker-buildx: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 docker-buildx: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 docker-buildx: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ove
Bugzilla
CVE-2026-27145 govulncheck: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 govulncheck: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 govulncheck: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 golang-github-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 node-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 node-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 node-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ove
Bugzilla
CVE-2026-27145 alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this over
Bugzilla
CVE-2026-27145 skopeo: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 skopeo: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 skopeo: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 golang-github-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, thi
Bugzilla
CVE-2026-27145 golang-x-text: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-text: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-x-text: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 golang-github-theupdateframework-notary: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-theupdateframework-notary: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-theupdateframework-notary: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the c
Bugzilla
CVE-2026-27145 complyctl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 complyctl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 complyctl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 containernetworking-plugins: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 containernetworking-plugins: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 containernetworking-plugins: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate c
Bugzilla
CVE-2026-27145 goss: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 goss: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 goss: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 golang-x-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-x-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this over
Bugzilla
CVE-2026-27145 aerc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 aerc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 aerc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 golang-ariga-atlas: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-ariga-atlas: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-ariga-atlas: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, thi
Bugzilla
CVE-2026-27145 golang-github-rakyll-statik: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-rakyll-statik: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-rakyll-statik: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate c
Bugzilla
CVE-2026-27145 pack: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 pack: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 pack: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 golang-github-prometheus-prom2json: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-prometheus-prom2json: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-prometheus-prom2json: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certif
Bugzilla
CVE-2026-27145 mqttcli: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 mqttcli: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 mqttcli: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-cloudflare-redoctober: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-cloudflare-redoctober: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-cloudflare-redoctober: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certi
Bugzilla
CVE-2026-27145 thrift: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 thrift: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 thrift: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 golang-x-debug: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-debug: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-x-debug: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ov
Bugzilla
CVE-2026-27145 golang-github-cpu-goacmedns: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-cpu-goacmedns: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-cpu-goacmedns: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate c
Bugzilla
CVE-2026-27145 htmltest: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 htmltest: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 htmltest: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 spoofdpi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 spoofdpi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 spoofdpi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 git-credential-azure: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 git-credential-azure: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 git-credential-azure: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, t
Bugzilla
CVE-2026-27145 git-credential-oauth: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 git-credential-oauth: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 git-credential-oauth: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, t
Bugzilla
CVE-2026-27145 ov: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 ov: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 ov: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occur
Bugzilla
CVE-2026-27145 nng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 nng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 nng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 prometheus-podman-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 prometheus-podman-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 prometheus-podman-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chai
Bugzilla
CVE-2026-27145 golang-github-cucumber-godog: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-cucumber-godog: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-cucumber-godog: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 golang-github-pelletier-toml: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-pelletier-toml: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-pelletier-toml: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 golang-github-prometheus-alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-prometheus-alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-prometheus-alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certi
Bugzilla
CVE-2026-27145 golang-github-cloudflare: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-cloudflare: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-cloudflare: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chai
Bugzilla
CVE-2026-27145 golang-github-niklasfasching-org: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-niklasfasching-org: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-niklasfasching-org: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certific
Bugzilla
CVE-2026-27145 golang-github-deepmap-oapi-codegen: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-deepmap-oapi-codegen: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-deepmap-oapi-codegen: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certif
Bugzilla
CVE-2026-27145 source-to-image: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 source-to-image: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 source-to-image: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this o
Bugzilla
CVE-2026-27145 httpdump: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 httpdump: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 httpdump: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 k9s: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 k9s: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 k9s: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 golang-oras: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-oras: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-oras: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 i2c-display: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 i2c-display: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 i2c-display: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 podman-tui: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 podman-tui: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 podman-tui: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-theoapp-theo-agent: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-theoapp-theo-agent: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-theoapp-theo-agent: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certific
Bugzilla
CVE-2026-27145 inspektor-gadget: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 inspektor-gadget: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 inspektor-gadget: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 golang-x-mobile: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-mobile: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-x-mobile: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this o
Bugzilla
CVE-2026-27145 golang-github-pelletier-toml: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-pelletier-toml: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-pelletier-toml: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate ch
Bugzilla
CVE-2026-27145 smtprelay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 smtprelay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 smtprelay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-cloudflare-cfssl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-cloudflare-cfssl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-cloudflare-cfssl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificat
Bugzilla
CVE-2026-27145 golang-github-mailru-easyjson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-mailru-easyjson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-mailru-easyjson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate c
Bugzilla
CVE-2026-27145 golang-github-markbates-pkger: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-markbates-pkger: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-markbates-pkger: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 gvisor-tap-vsock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 gvisor-tap-vsock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 gvisor-tap-vsock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 golang-x-vuln: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-vuln: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-x-vuln: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 golang-x-perf: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-perf: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-x-perf: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ove
Bugzilla
CVE-2026-27145 golang-x-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-x-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ov
Bugzilla
CVE-2026-27145 oci-delta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 oci-delta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 oci-delta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 d2: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 d2: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 d2: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occur
Bugzilla
CVE-2026-27145 gopass-jsonapi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 gopass-jsonapi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 gopass-jsonapi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ov
Bugzilla
CVE-2026-27145 apptainer: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 apptainer: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 apptainer: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 restic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 restic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 restic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 gmailctl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 gmailctl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 gmailctl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-rootless-containers-rootlesskit: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-rootless-containers-rootlesskit: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-rootless-containers-rootlesskit: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building
Bugzilla
CVE-2026-27145 golang-github-nats-io-streaming-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-nats-io-streaming-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-nats-io-streaming-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the ce
Bugzilla
CVE-2026-27145 pack: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 pack: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 pack: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occur
Bugzilla
CVE-2026-27145 mkcert: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 mkcert: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 mkcert: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 DankMaterialShell: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 DankMaterialShell: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 DankMaterialShell: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 opentofu: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 opentofu: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 opentofu: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-opencontainers-runtime-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-opencontainers-runtime-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-opencontainers-runtime-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building th
Bugzilla
CVE-2026-27145 golang-google-appengine: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-google-appengine: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-google-appengine: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain
Bugzilla
CVE-2026-27145 transifex-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 transifex-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 transifex-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 node-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 node-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 node-exporter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 dnsx: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 dnsx: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 dnsx: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 trivy: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 trivy: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 trivy: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 golang-github-facebookincubator-dhcplb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-facebookincubator-dhcplb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-facebookincubator-dhcplb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the ce
Bugzilla
CVE-2026-27145 python-opencensus-proto: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 python-opencensus-proto: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 python-opencensus-proto: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain
Bugzilla
CVE-2026-27145 alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhe
Bugzilla
CVE-2026-27145 danksearch: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 danksearch: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 danksearch: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhe
Bugzilla
CVE-2026-27145 kind: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 kind: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 kind: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 age: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 age: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 age: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurr
Bugzilla
CVE-2026-27145 golang-x-mod: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-mod: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-x-mod: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this over
Bugzilla
CVE-2026-27145 grype: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 grype: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 grype: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead oc
Bugzilla
CVE-2026-27145 trayscale: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 trayscale: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 trayscale: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 govulncheck: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 govulncheck: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 govulncheck: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 golang-github-chromedp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-chromedp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-chromedp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain,
Bugzilla
CVE-2026-27145 xq: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 xq: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 xq: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurre
Bugzilla
CVE-2026-27145 golang-github-google-pprof: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-google-pprof: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-google-pprof: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate ch
Bugzilla
CVE-2026-27145 golang-github-containerd-fuse-overlayfs-snapshotter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-containerd-fuse-overlayfs-snapshotter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-containerd-fuse-overlayfs-snapshotter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before bu
Bugzilla
CVE-2026-27145 trivy: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 trivy: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 trivy: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead oc
Bugzilla
CVE-2026-27145 clash-meta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 clash-meta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 clash-meta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 golang-github-projectdiscovery-chaos-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-projectdiscovery-chaos-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-projectdiscovery-chaos-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building t
Bugzilla
CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 golang-k8s-code-generator: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-k8s-code-generator: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-k8s-code-generator: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate cha
Bugzilla
CVE-2026-27145 golang-github-pdfcpu: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-pdfcpu: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-pdfcpu: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, t
Bugzilla
CVE-2026-27145 xq: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 xq: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 xq: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occur
Bugzilla
CVE-2026-27145 golang-github-rogpeppe-internal: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-rogpeppe-internal: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-rogpeppe-internal: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 betterleaks: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 betterleaks: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 betterleaks: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 gopass: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 gopass: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 gopass: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 bpfman: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 bpfman: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 bpfman: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 golang-github-googleapis-gnostic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-googleapis-gnostic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-googleapis-gnostic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificat
Bugzilla
CVE-2026-27145 golang-github-geertjohan-rice: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-geertjohan-rice: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-geertjohan-rice: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 hut: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 hut: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 hut: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 golang-uber-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-uber-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-uber-mock: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 stargz-snapshotter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 stargz-snapshotter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 stargz-snapshotter: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, thi
Bugzilla
CVE-2026-27145 golang-github-gobwas-ws: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-gobwas-ws: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-gobwas-ws: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain
Bugzilla
CVE-2026-27145 asnmap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 asnmap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 asnmap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 headscale: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 headscale: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 headscale: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 grpcurl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 grpcurl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 grpcurl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 mcp-dap-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 mcp-dap-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 mcp-dap-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ov
Bugzilla
CVE-2026-27145 containers-common: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 containers-common: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 containers-common: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 restic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 restic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 restic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 pywhispercpp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 pywhispercpp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 pywhispercpp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this over
Bugzilla
CVE-2026-27145 yggdrasil: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 yggdrasil: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 yggdrasil: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 kitty: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 kitty: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 kitty: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead oc
Bugzilla
CVE-2026-27145 golang-github-openprinting-ipp-usb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-openprinting-ipp-usb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-openprinting-ipp-usb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certif
Bugzilla
CVE-2026-27145 golang-github-grpc-ecosystem-gateway: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-grpc-ecosystem-gateway: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-grpc-ecosystem-gateway: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the cert
Bugzilla
CVE-2026-27145 kappanhang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 kappanhang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 kappanhang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhe
Bugzilla
CVE-2026-27145 golang-github-eclipse-paho-mqtt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-eclipse-paho-mqtt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-eclipse-paho-mqtt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certifica
Bugzilla
CVE-2026-27145 reg: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 reg: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 reg: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurr
Bugzilla
CVE-2026-27145 clash-meta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 clash-meta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 clash-meta: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhe
Bugzilla
CVE-2026-27145 golang-github-rogpeppe-internal: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-rogpeppe-internal: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-rogpeppe-internal: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certifica
Bugzilla
CVE-2026-27145 mingw-spirv-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 mingw-spirv-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 mingw-spirv-tools: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 butane: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 butane: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 butane: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 age: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 age: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 age: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 golang-github-cockroachdb-pebble: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-cockroachdb-pebble: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-cockroachdb-pebble: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certific
Bugzilla
CVE-2026-27145 golang-x-mod: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-mod: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-x-mod: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhe
Bugzilla
CVE-2026-27145 golang-github-temoto-robotstxt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-temoto-robotstxt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-temoto-robotstxt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificat
Bugzilla
CVE-2026-27145 golang-github-hashicorp-sockaddr: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-hashicorp-sockaddr: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-hashicorp-sockaddr: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certific
Bugzilla
CVE-2026-27145 anubis: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 anubis: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 anubis: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 dgop: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 dgop: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 dgop: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 git-credential-oauth: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 git-credential-oauth: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 git-credential-oauth: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, thi
Bugzilla
CVE-2026-27145 golang-github-spyzhov-ajson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-spyzhov-ajson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-spyzhov-ajson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate c
Bugzilla
CVE-2026-27145 golang-sigs-k8s-aws-iam-authenticator: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-sigs-k8s-aws-iam-authenticator: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-sigs-k8s-aws-iam-authenticator: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the cer
Bugzilla
CVE-2026-27145 ollama: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 ollama: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 ollama: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 whisper-cpp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 whisper-cpp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 whisper-cpp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 go-fdo-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 go-fdo-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 go-fdo-server: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ove
Bugzilla
CVE-2026-27145 golang-k8s-kube-openapi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-k8s-kube-openapi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-k8s-kube-openapi: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain
Bugzilla
CVE-2026-27145 golang-github-francoispqt-gojay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-francoispqt-gojay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-francoispqt-gojay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certifica
Bugzilla
CVE-2026-27145 golie: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golie: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golie: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 gopls: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 gopls: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 gopls: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead oc
Bugzilla
CVE-2026-27145 golang-x-text: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-text: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-x-text: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ove
Bugzilla
CVE-2026-27145 autorestic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 autorestic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 autorestic: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhe
Bugzilla
CVE-2026-27145 golang-github-hashicorp-serf: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-hashicorp-serf: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-hashicorp-serf: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 podman-tui: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 podman-tui: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 podman-tui: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhe
Bugzilla
CVE-2026-27145 golang-x-exp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-exp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-x-exp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this over
Bugzilla
CVE-2026-27145 ipp-usb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 ipp-usb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 ipp-usb: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 gphotosdl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 gphotosdl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 gphotosdl: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 receptor: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 receptor: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 receptor: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 golang-github-evanw-esbuild: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-evanw-esbuild: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-evanw-esbuild: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate c
Bugzilla
CVE-2026-27145 lw-cli: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 lw-cli: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 lw-cli: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 golang-github-mailru-easyjson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-mailru-easyjson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-mailru-easyjson: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 vhs: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 vhs: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 vhs: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 kitty: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 kitty: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 kitty: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 golang-x-vuln: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-x-vuln: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-x-vuln: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ove
Bugzilla
CVE-2026-27145 golang-github-pact-foundation: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-pact-foundation: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-pact-foundation: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 golang-etcd-bbolt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-etcd-bbolt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-etcd-bbolt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this o
Bugzilla
CVE-2026-27145 golang-codeberg-gbcox-beetpost: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-codeberg-gbcox-beetpost: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-codeberg-gbcox-beetpost: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificat
Bugzilla
CVE-2026-27145 rhc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 rhc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 rhc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occu
Bugzilla
CVE-2026-27145 yggdrasil: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 yggdrasil: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 yggdrasil: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead
Bugzilla
CVE-2026-27145 golang-github-google-dap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-google-dap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-google-dap: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chai
Bugzilla
CVE-2026-27145 thrift: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 thrift: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 thrift: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occ
Bugzilla
CVE-2026-27145 docker-buildkit: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 docker-buildkit: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 docker-buildkit: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this o
Bugzilla
CVE-2026-27145 golang-k8s-sample-controller: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-k8s-sample-controller: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-k8s-sample-controller: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 golang-github-facebookincubator-go2chef: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-facebookincubator-go2chef: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-facebookincubator-go2chef: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the c
Bugzilla
CVE-2026-27145 golang-entgo-ent: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-entgo-ent: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-entgo-ent: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 golang-github-facebookincubator-contest: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-facebookincubator-contest: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-facebookincubator-contest: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the c
Bugzilla
CVE-2026-27145 gopass-hibp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 gopass-hibp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 gopass-hibp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 suseconnect-ng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 suseconnect-ng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 suseconnect-ng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ov
Bugzilla
CVE-2026-27145 golang-github-jsonnet-bundler: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-jsonnet-bundler: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-jsonnet-bundler: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate
Bugzilla
CVE-2026-27145 golang-etcd-bbolt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-etcd-bbolt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-etcd-bbolt: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this
Bugzilla
CVE-2026-27145 smtprelay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 smtprelay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 smtprelay: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhea
Bugzilla
CVE-2026-27145 runc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 runc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 runc: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occur
Bugzilla
CVE-2026-27145 golang-github-prometheus-alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-prometheus-alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-prometheus-alertmanager: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the cer
Bugzilla
CVE-2026-27145 golang-mongodb-mongo-driver: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-mongodb-mongo-driver: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-mongodb-mongo-driver: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate c
Bugzilla
CVE-2026-27145 golang-github-google-pprof: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-google-pprof: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
CVE-2026-27145 golang-github-google-pprof: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chai
Bugzilla
CVE-2026-27145 go-fdo-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 go-fdo-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 go-fdo-client: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this ove
Bugzilla
CVE-2026-27145 tinygo: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 tinygo: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 tinygo: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 golang-github-envoyproxy-protoc-gen-validate: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-envoyproxy-protoc-gen-validate: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-envoyproxy-protoc-gen-validate: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building
Bugzilla
CVE-2026-27145 golang-github-emersion-smtp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-emersion-smtp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-emersion-smtp: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate c
Bugzilla
CVE-2026-27145 golang-github-erkexzcx-valetudopng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-erkexzcx-valetudopng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-erkexzcx-valetudopng: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certif
Bugzilla
CVE-2026-27145 nebula: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 nebula: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 nebula: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead o
Bugzilla
CVE-2026-27145 golang-codeberg-gbcox-beetbrainz: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-codeberg-gbcox-beetbrainz: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-codeberg-gbcox-beetbrainz: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certific
Bugzilla
CVE-2026-27145 betterleaks: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 betterleaks: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 betterleaks: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overh
Bugzilla
CVE-2026-27145 golang-github-instrumenta-kubeval: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
bugzilla·2026-06-29·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 golang-github-instrumenta-kubeval: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
CVE-2026-27145 golang-github-instrumenta-kubeval: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certifi
Bugzilla
CVE-2026-27145 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
bugzilla·2026-06-02·CVSS 6.5
CVE-2026-27145 [MEDIUM] CVE-2026-27145 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
CVE-2026-27145 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
https://go.dev/cl/783621https://go.dev/issue/79694https://groups.google.com/g/golang-announce/c/tKs3rmcBcKwhttps://pkg.go.dev/vuln/GO-2026-5037https://access.redhat.com/security/cve/CVE-2026-27145https://bugzilla.redhat.com/show_bug.cgi?id=2484207https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27145.json
2026-06-02
Published