Go Standard Library Net Mail vulnerabilities
4 known vulnerabilities affecting go_standard_library/net_mail.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4
Vulnerabilities
Page 1 of 1
CVE-2026-39820P3HIGHCVSS 7.5fixed in 1.25.10≥ 1.26.0-0, < 1.26.32026-05-07
CVE-2026-39820 [HIGH] CWE-770 CVE-2026-39820: Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger exce
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
nvd
CVE-2026-42499P3HIGHCVSS 7.5fixed in 1.25.10≥ 1.26.0-0, < 1.26.32026-05-07
CVE-2026-42499 [HIGH] CWE-1046 CVE-2026-42499: Pathological inputs could cause DoS through consumePhrase when parsing an email address according to
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
nvd
CVE-2024-24784P3HIGHCVSS 7.5fixed in 1.21.8≥ 1.22.0-0, < 1.22.12024-03-05
CVE-2024-24784 [HIGH] CVE-2024-24784: The ParseAddressList function incorrectly handles comments (text within parentheses) within display
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
nvd
CVE-2025-61725P3HIGHCVSS 7.5fixed in 1.24.8≥ 1.25.0, < 1.25.22025-10-29
CVE-2025-61725 [HIGH] CVE-2025-61725: The ParseAddress function constructs domain-literal address components through repeated string conca
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
nvd