AZL-71305

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71305.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-71305

Upstream

CVE-2025-61729

Published

2025-12-02T19:15:51Z

Modified

2026-04-01T05:22:02.095640Z

Summary

CVE-2025-61729 affecting package msft-golang 1.24.13-1

Details

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-61729

Affected packages

Azure Linux:2 / msft-golang

Package

Name: msft-golang
Purl: pkg:rpm/azure-linux/msft-golang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.24.13-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71305.json"