CLEANSTART-2026-ZH72202

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-ZH72202.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-ZH72202
Upstream
Published
2026-06-10T00:59:24.602505Z
Modified
2026-07-09T00:45:04.366984566Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash
Details

Multiple security vulnerabilities affect the kor package. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. See references for individual vulnerability details.

References

Affected packages

CleanStart / kor

Package

Name
kor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.7-r0

Database specific

source
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-ZH72202.json"