Go HostnameError Excessive Resource Consumption Vulnerability

Vulnerability

A vulnerability exists in the Go programming language's standard library, specifically in the crypto/x509 package, in versions prior to 1.24.11 and between 1.25.0 and 1.25.5. The issue lies in the HostnameError.Error() method, which builds its error string by concatenating the certificate's hostnames without any limit. Because repeated string concatenation has quadratic runtime complexity, this unbounded operation can consume excessive resources, so a maliciously crafted certificate can cause significant resource exhaustion.
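As an added illustration (not code from Go's standard library or from this advisory), the unbounded concatenation pattern described above is shown next to a bounded, linear alternative; the message wording, the maxListedNames cap and the sample hostnames are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// maxListedNames caps how many certificate names are echoed back in an error
// string. The value is an assumption for this example, not Go's own setting.
const maxListedNames = 8

// naiveFormat mirrors the pattern the advisory describes: repeated string
// concatenation over an unbounded name list. Each += copies the growing
// result, so the cost is quadratic in the total length, and a certificate
// carrying a huge number of names inflates both work and output without limit.
func naiveFormat(requested string, names []string) string {
	s := "x509: certificate is valid for "
	for i, n := range names {
		if i > 0 {
			s += ", "
		}
		s += n
	}
	return s + ", not " + requested
}

// formatHostnameMismatch is a hardened variant: it writes into a
// strings.Builder (amortised linear, no repeated copying of the whole result)
// and stops listing names after maxListedNames, so the error message and the
// effort to build it stay bounded regardless of how many names the
// certificate presents.
func formatHostnameMismatch(requested string, names []string) string {
	if len(names) == 0 {
		return "x509: certificate is not valid for any names, but wanted to match " + requested
	}
	var b strings.Builder
	b.WriteString("x509: certificate is valid for ")
	for i, n := range names {
		if i > 0 {
			b.WriteString(", ")
		}
		if i == maxListedNames {
			fmt.Fprintf(&b, "and %d more", len(names)-maxListedNames)
			break
		}
		b.WriteString(n)
	}
	fmt.Fprintf(&b, ", not %s", requested)
	return b.String()
}
```

For small name lists both functions yield the same message; the difference only shows once a certificate carries far more names than anyone would legitimately need to see in an error.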

Impact

Exploitation of this vulnerability leads to excessive resource consumption, which can cause performance degradation or denial-of-service conditions.

Remediation

Users can upgrade to Go versions 1.24.11 or 1.25.5 to address this vulnerability.

Added: Dec 2, 2025, 7:28 PM
Updated: Dec 2, 2025, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 1.2
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.