Bug 2407249 (CVE-2025-61725)

Summary: CVE-2025-61725 net/mail: Excessive CPU consumption in ParseAddress in net/mail
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: abarbaro, adistefa, akostadi, akoudelk, alcohan, amasferr, amctagga, anjoseph, ansmith, aoconnor, bdettelb, bniver, cmah, dhanak, dmayorov, doconnor, drosa, dsimansk, dymurray, ebaron, eglynn, fdeutsch, flucifre, gmeno, gparvin, haoli, hkataria, ibolton, jajackso, jbalunas, jcammara, jcantril, jchui, jhe, jjoyce, jkoehler, jlledo, jmatthew, jmitchel, jmontleo, jneedle, jprabhak, jschluet, kegrant, kingland, koliveir, kshier, ktsao, kverlaen, lball, lbragsta, lchilton, lgamliel, lhh, lphiri, lsvaty, mabashia, manissin, matzew, mbenjamin, mburns, mgarciac, mhackett, mnovotny, mwringe, nboldt, ngough, oramraz, owatkins, pahickey, pantinor, pbraun, peholase, pgaikwad, pgrist, pjindal, psrna, rfreiman, rhaigner, rjohnson, rojacob, sakbas, sausingh, sdawley, sfeifer, shvarugh, simaishi, slucidi, smcdonal, smullick, sostapov, sseago, stcannon, stirabos, teagle, tfister, thason, thavo, tsedmik, vereddy, veshanka, wenshen, whayutin, wtam, xiyuan, yguenane
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation, which, when parsing large domain-literal components, could cause excessive CPU consumption.
Bug Depends On: 2408523, 2408524, 2408525, 2408526, 2408527, 2408528, 2408529, 2408530, 2408531, 2408532, 2408533, 2408534, 2408535, 2408536, 2408537, 2408538, 2408539, 2408540, 2408541, 2408542, 2408543, 2408544, 2408545, 2408546, 2408547, 2408548, 2408549, 2408550, 2408551, 2408552, 2408553, 2408554, 2408555, 2408556, 2408557, 2408558, 2408559, 2408560, 2408561, 2408562, 2408563, 2408564, 2408565, 2408567, 2408568, 2408569, 2408571, 2408575, 2408577, 2408579, 2408580, 2408581, 2408582, 2408583, 2408584, 2408585, 2408587, 2408588, 2408589, 2408590, 2408591, 2408592, 2408593, 2408594, 2408595, 2408596, 2408597, 2408598, 2408599, 2408600, 2408601, 2408602, 2408603, 2408604, 2408605, 2408606, 2408607, 2408608, 2408609, 2408610, 2408611, 2408612, 2408613, 2408614, 2408615, 2408617, 2408618, 2408619, 2408620, 2408621, 2408622, 2408623, 2408624, 2408625, 2408626, 2408627, 2408629, 2408630, 2408632, 2408634, 2408635, 2408636, 2408637, 2408638, 2408639, 2408640, 2408641, 2408643, 2408644, 2408645, 2408646, 2408647, 2408648, 2408649, 2408650, 2408651, 2408652, 2408653, 2408654, 2408655, 2408656, 2408657, 2408658, 2408659, 2408660, 2408661, 2408662, 2408663, 2408664, 2408665, 2408667, 2408668, 2408669, 2408670, 2408671, 2408672, 2408673, 2408674, 2408675, 2408676, 2408678, 2408679, 2408682, 2408683, 2408684, 2408685, 2408686, 2408687, 2408689, 2408690, 2408691, 2408692, 2408695, 2408696, 2408698, 2408699, 2408700, 2408701, 2408702, 2408703, 2408704, 2408705, 2408706, 2408707, 2408708, 2408709, 2408710, 2408711, 2408712, 2408713, 2408714, 2408715, 2408716, 2408717, 2408718, 2408719, 2408720, 2408721, 2408722, 2408723, 2408724, 2408725, 2408726, 2408727, 2408728, 2408729, 2408730, 2408731, 2408732, 2408733, 2408734, 2408735, 2408737, 2408738, 2408739, 2408740, 2408741, 2408742, 2408743, 2408746, 2408747, 2408748, 2408566, 2408616, 2408628, 2408633, 2408680, 2408681, 2408688, 2408693, 2408694, 2408697, 2408736, 2408744, 2408745    

Description OSIDB Bzimport 2025-10-29 23:01:42 UTC
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
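
An added example, not part of the bug report or Go's own code: a pre-parse guard that bounds the address and each domain-literal ("[...]") span, so the work done by mail.ParseAddress stays small on a Go release without the fix. GuardedParseAddress, longestDomainLiteral, ErrAddressTooLarge and both size limits are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"strings"
)

// Assumed limits (not from the bug report); tune them for your own mail flow.
const (
	maxAddressLen = 998 // RFC 5322 maximum line length
	maxLiteralLen = 64  // generous for "[IPv6:...]" style literals
)

var ErrAddressTooLarge = errors.New("address rejected before parsing: too large")

// longestDomainLiteral returns the longest "[...]" span in s; an unterminated '[' runs to the end.
func longestDomainLiteral(s string) int {
	longest := 0
	for i := 0; i < len(s); i++ {
		if s[i] != '[' {
			continue
		}
		span := len(s) - i
		if end := strings.IndexByte(s[i:], ']'); end >= 0 {
			span = end + 1
		}
		if span > longest {
			longest = span
		}
		i += span - 1 // skip past the span just measured
	}
	return longest
}

// GuardedParseAddress (hypothetical wrapper) rejects oversized input before the parser sees it.
func GuardedParseAddress(s string) (*mail.Address, error) {
	if len(s) > maxAddressLen || longestDomainLiteral(s) > maxLiteralLen {
		return nil, ErrAddressTooLarge
	}
	return mail.ParseAddress(s)
}

func main() {
	_, err := GuardedParseAddress("a@[" + strings.Repeat("1", 1<<20) + "]") // constructed input
	fmt.Println(err)
}
```

The guard limits exposure only; updating to a Go release that carries the fix for CVE-2025-61725 remains the actual remediation.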