CNNVD-202512-2778 Information

CNNVD ID

CNNVD-202512-2778

CVE-2025-68156

  • CNNVD Published: 2025-12-16

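Description (translated from Chinese)

Expr is an expression language and expression evaluator for Go, open-sourced by Expr. Versions of Expr before 1.17.7 have a security vulnerability that stems from multiple built-in functions not enforcing a maximum recursion depth, which can lead to a stack overflow and a process crash.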

Description (English)

Expr is an open-source expression language and expression evaluator for Go. Expr versions before 1.17.7 contain a security vulnerability: multiple built-in functions do not enforce a maximum recursion depth, which may lead to a stack overflow and a process crash.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Expr

Published

2025-12-16

Last Modified

2026-02-24

References

  • https://github.com/expr-lang/expr/pull/870
  • https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68156

Patch

https://github.com/expr-lang/expr/releases
