2407249 – (CVE-2025-61725) CVE-2025-61725 net/mail: Excessive CPU consumption in ParseAddress in net/mail

Bug 2407249 (CVE-2025-61725) - CVE-2025-61725 net/mail: Excessive CPU consumption in ParseAddress in net/mail

Summary: CVE-2025-61725 net/mail: Excessive CPU consumption in ParseAddress in net/mail

Keywords:
Status:	NEW
Alias:	CVE-2025-61725
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2408525 2408527 2408529 2408531 2408537 2408538 2408544 2408550 2408553 2408559 2408560 2408561 2408692 2408698 2408699 2408700 2408705 2408709 2408710 2408711 2408714 2408716 2408717 2408719 2408723 2408724 2408725 2408727 2408728 2408734 2408739 2408742 2408746 2408747 2408523 2408524 2408526 2408528 2408530 2408532 2408533 2408534 2408535 2408536 2408539 2408540 2408541 2408542 2408543 2408545 2408546 2408547 2408548 2408549 2408551 2408552 2408554 2408555 2408556 2408557 2408558 2408562 2408563 2408564 2408565 2408566 2408567 2408568 2408569 2408571 2408575 2408577 2408579 2408580 2408581 2408582 2408583 2408584 2408585 2408587 2408588 2408589 2408590 2408591 2408592 2408593 2408594 2408595 2408596 2408597 2408598 2408599 2408600 2408601 2408602 2408603 2408604 2408605 2408606 2408607 2408608 2408609 2408610 2408611 2408612 2408613 2408614 2408615 2408616 2408617 2408618 2408619 2408620 2408621 2408622 2408623 2408624 2408625 2408626 2408627 2408628 2408629 2408630 2408632 2408633 2408634 2408635 2408636 2408637 2408638 2408639 2408640 2408641 2408643 2408644 2408645 2408646 2408647 2408648 2408649 2408650 2408651 2408652 2408653 2408654 2408655 2408656 2408657 2408658 2408659 2408660 2408661 2408662 2408663 2408664 2408665 2408667 2408668 2408669 2408670 2408671 2408672 2408673 2408674 2408675 2408676 2408678 2408679 2408680 2408681 2408682 2408683 2408684 2408685 2408686 2408687 2408688 2408689 2408690 2408691 2408693 2408694 2408695 2408696 2408697 2408701 2408702 2408703 2408704 2408706 2408707 2408708 2408712 2408713 2408715 2408718 2408720 2408721 2408722 2408726 2408729 2408730 2408731 2408732 2408733 2408735 2408736 2408737 2408738 2408740 2408741 2408743 2408744 2408745 2408748
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-29 23:01 UTC by OSIDB Bzimport
Modified:	2026-04-30 04:17 UTC (History)
CC List:	105 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-29 23:01:42 UTC

The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

Note You need to log in before you can comment on or make changes to this bug.

abarbaro
adistefa
akostadi
akoudelk
alcohan
amasferr
amctagga
anjoseph
ansmith
aoconnor
bdettelb
bniver
cmah
dhanak
dmayorov
doconnor
drosa
dsimansk
dymurray
ebaron
eglynn
fdeutsch
flucifre
gmeno
gparvin
haoli
hkataria
ibolton
jajackso
jbalunas
jcammara
jcantril
jchui
jhe
jjoyce
jkoehler
jlledo
jmatthew
jmitchel
jmontleo
jneedle
jprabhak
jschluet
kegrant
kingland
koliveir
kshier
ktsao
kverlaen
lball
lbragsta
lchilton
lgamliel
lhh
lphiri
lsvaty
mabashia
manissin
matzew
mbenjamin
mburns
mgarciac
mhackett
mnovotny
mwringe
nboldt
ngough
oramraz
owatkins
pahickey
pantinor
pbraun
peholase
pgaikwad
pgrist
pjindal
psrna
rfreiman
rhaigner
rjohnson
rojacob
sakbas
sausingh
sdawley
sfeifer
shvarugh
simaishi
slucidi
smcdonal
smullick
sostapov
sseago
stcannon
stirabos
teagle
tfister
thason
thavo
tsedmik
vereddy
veshanka
wenshen
whayutin
wtam
yguenane