CNNVD-202601-4449 Information

CNNVD ID

CNNVD-202601-4449

Related CVE

CVE-2026-24738

• CNNVD Published: 2026-01-27

Description (Chinese)

gmrtd是gmrtd开源的一个Go语言库。 gmrtd 0.17.2之前版本存在安全漏洞，该漏洞源于ReadFile接受长度过大的TLV，可能导致资源消耗不受约束。

Description (English)

gmrtd is a Go language library from gmrtd open source. A security loophole existed in the pre-gmrtd 0.17.2 version, which stemmed from ReadFile ’ s acceptance of too long TLV, which could lead to unconstrained resource consumption.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

gmrtd

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/gmrtd/gmrtd/security/advisories/GHSA-j49h-6577-5xwq https://github.com/gmrtd/gmrtd/releases/tag/v0.17.2 https://github.com/gmrtd/gmrtd/commit/54469a95e5a20a8602ac1457b2110bfeb80c8891 https://access.redhat.com/security/cve/cve-2026-24738

Patch

https://github.com/gmrtd/gmrtd/releases