CNNVD-202512-178 Information

CNNVD ID

CNNVD-202512-178

Related CVE

CVE-2025-61729

• CNNVD Published: 2025-12-02

Description (Chinese)

Google Go是美国谷歌（Google）公司的一种静态强类型、编译型、并发型，并具有垃圾回收功能的编程语言。 Google Go存在安全漏洞，该漏洞源于包crypto/x509中的HostnameError.Error函数构造错误字符串时未限制主机数量，可能导致资源过度消耗。

Description (English)

Google Go is a static type, compiler, hairdresser of Google and a programme language with a garbage recovery function. Google Go has a security loophole, which stems from the fact that the HostnameError.Error function in package 509 does not limit the number of hosts when it constructs the wrong string, which may lead to overconsumption of resources.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

谷歌

Published

2025-12-02

Last Modified

2026-02-24

References

https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://pkg.go.dev/vuln/GO-2025-4155 https://go.dev/cl/725920 https://go.dev/issue/76445 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729

Patch

https://pkg.go.dev/vuln/GO-2025-4155