FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- excessive resource consumption

Affected packages
go124 < 1.24.11
go125 < 1.25.5

Details

VuXML ID 245bd19f-d035-11f0-84e9-c7a56e37e3f0
Discovery 2025-12-02
Entry 2025-12-03

The Go project reports:

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out.

Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

[source]

References

CVE Name CVE-2025-61729
URL https://pkg.go.dev/vuln/GO-2025-4155

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.